procps-3.2.8-45.AXS4.3
エラータID: AXSA:2018-3135:01
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Asianux would like to thank Qualys Research Labs for reporting these issues.
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
Update packages.
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
N/A
SRPMS
- procps-3.2.8-45.AXS4.3.src.rpm
MD5: 6080710ddec9344482cdca5cd6e680ae
SHA-256: 150d41fa4dd752e2c55081f4062a089a067b21a3413cecf36ee6675392ff0a96
Size: 391.75 kB
Asianux Server 4 for x86
- procps-3.2.8-45.AXS4.3.i686.rpm
MD5: e13d14753f682bd3b62c30e392a2152a
SHA-256: 3e10566b301b7309897804e9c93405ef79ea4ff2ab512a04954356e70e9d66b6
Size: 218.16 kB
Asianux Server 4 for x86_64
- procps-3.2.8-45.AXS4.3.x86_64.rpm
MD5: fd2db9356be45025e36dd54b31e6ad0b
SHA-256: b9e78c21cebcb6f5fcd008732c04f89fda80d14b07ec83e38d3918363916fc63
Size: 218.79 kB - procps-3.2.8-45.AXS4.3.i686.rpm
MD5: e13d14753f682bd3b62c30e392a2152a
SHA-256: 3e10566b301b7309897804e9c93405ef79ea4ff2ab512a04954356e70e9d66b6
Size: 218.16 kB