AXSA:2019-4112:01

リリース日: 
2019/08/19 Monday - 19:10
題名: 
procps-ng-3.3.10-26.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

Security Fix(es):

* procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
1. procps-ng-3.3.10-26.el7.src.rpm
md5sum: 41fbc8021ada729c3b00818edf29c36e
sha256sum: 44912002ecca9f33135f1d6c9164bfdf089b89517b18aa82540f7c642a6393db
Size: 841 Kb

Asianux Server 7.0 for x86_64
1. procps-ng-3.3.10-26.el7.x86_64.rpm
md5sum: 7917733a7755af566af49b5fc490d78a
sha256sum: 981d54ca758111835878bff7643c6958c0d378aafc3ee3fd0a9c882c11010ebf
Size: 290 Kb
2. procps-ng-3.3.10-26.el7.i686.rpm
md5sum: 03ce61e35fd50bf045d652e2dba94974
sha256sum: 6a8efc12de4495efa9014107e3c355590d083459e503ba46647f9744491ef1bd
Size: 285 Kb
Copyright© 2007-2015 Asianux. All rights reserved.