sysstat-12.5.4-5.el9
エラータID: AXSA:2023-5796:03
リリース日:
2023/06/02 Friday - 13:10
題名:
sysstat-12.5.4-5.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- sysstat の sa_common.c 内の assign_structs() 関数には、バッファ
オーバーフローの問題があるため、ローカルの攻撃者により、性能
データファイルの表示を介して、任意のコードの実行やメモリの破壊
を可能とする脆弱性が存在します。(CVE-2022-39377)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-39377
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
追加情報:
N/A
ダウンロード:
SRPMS
- sysstat-12.5.4-5.el9.src.rpm
MD5: aa3a42f54cff2b036dc15763678f892a
SHA-256: 977a8f856102b43aeb9b8e3a3178516288eae7e54e97412d48827f48e45e2016
Size: 1.32 MB
Asianux Server 9 for x86_64
- sysstat-12.5.4-5.el9.x86_64.rpm
MD5: a43665ea7f0a40d678c7868dfd314d23
SHA-256: 803b68f5a320cf1be77648c2a08212be3c48a8f1c3cd2569986409a4e8412944
Size: 462.87 kB