sysstat-11.7.3-9.el8
エラータID: AXSA:2023-5718:02
リリース日:
2023/06/01 Thursday - 01:48
題名:
sysstat-11.7.3-9.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- sysstat の sa_common.c 内の assign_structs() 関数には、バッファ
オーバーフローの問題があるため、ローカルの攻撃者により、性能
データファイルの表示を介して、任意のコードの実行やメモリの破壊
を可能とする脆弱性が存在します。(CVE-2022-39377)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-39377
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
追加情報:
N/A
ダウンロード:
SRPMS
- sysstat-11.7.3-9.el8.src.rpm
MD5: 13c8ad00b334017f61ad4cf8d69a0e50
SHA-256: 6375960012776f0f56d3dd2abf979a02711448fcd5f6e51491a38378ee92586b
Size: 565.54 kB
Asianux Server 8 for x86_64
- sysstat-11.7.3-9.el8.x86_64.rpm
MD5: 4e0eb047191b0fca0d1326a38a8fc601
SHA-256: ad310b5a30d310a70076727a51be70ae23372c5b7a807f8d14995708abc7121b
Size: 425.16 kB
English