Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in procps
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in procps
ID: DSA-4208-1
Distribution: Debian
Plattformen: Debian jessie, Debian stretch
Datum: Di, 22. Mai 2018, 18:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126
Applikationen: procps

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4208-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : procps
CVE ID : CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
CVE-2018-1126
Debian Bug : 899170

The Qualys Research Labs discovered multiple vulnerabilities in procps,
a set of command line and full screen utilities for browsing procfs. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2018-1122

top read its configuration from the current working directory if no
$HOME was configured. If top were started from a directory writable
by the attacker (such as /tmp) this could result in local privilege
escalation.

CVE-2018-1123

Denial of service against the ps invocation of another user.

CVE-2018-1124

An integer overflow in the file2strvec() function of libprocps could
result in local privilege escalation.

CVE-2018-1125

A stack-based buffer overflow in pgrep could result in denial
of service for a user using pgrep for inspecting a specially
crafted process.

CVE-2018-1126

Incorrect integer size parameters used in wrappers for standard C
allocators could cause integer truncation and lead to integer
overflow issues.

For the oldstable distribution (jessie), these problems have been fixed
in version 2:3.3.9-9+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 2:3.3.12-3+deb9u1.

We recommend that you upgrade your procps packages.

For the detailed security status of procps please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/procps

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsEOvJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QQLA//cysJZC9QFcw9FipzNT3qTGvvGXI08EzA25AhNAkvRmP/QTfJe/xh+nKG
pLFxy54BYCJfRP/mpVZXlr3i1/i5594xWoofDcvrVyhT+l2IoIXs4XhLlUalr6/+
MabPCEq2CBZ3gfJN6y6KILh/KYT4mAeMqXwqO6IcmnL2AkXI5CR4cwjaFyabheHn
VrO0geWUA9YyUOrrEaBS4LJUxs1LXCMNVD3qLRNCn063lMj3U4XXWsFbtZCmCVgZ
NMgiOm92gfTlwDRYXby7l4aWDvK5cuPhp+q7k6bepaUIElr5ijbtME7Xeqf/4peU
r1Rawz3DcxSwag6WBsaQD1aeWoMY65BP366ghIsrfO28qZkeW4SPbe1iUaiZHBGd
lmMYRkYEeJiOYvsd0XUms53pzym3AsF1IsNzzS9LgFYZvEp9DsO4M57e4UllYXiS
gCEAwJsWYOeaggN07OfhV6qRrggdiBN1fPUEgiQ30IahzCg6NCDaIgLJ7OauHPBS
xxN07Y+KnQ8oaPH3Lex1qzqKEeyUn9CV76nWbaWRtJwCyRmC3/SD5wJp94OUuAVE
LyHstcL7QrfodcZ/Ff7++Q/zEhUo8IeCtA0kspXyzemN2dE80CBERB4T+5hi0oRi
EHncQMzJ7J6DelBpUBS13TyXHrW1mVqtdtulwiWAwsScHXBY/Zo=
=9bCU
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung