-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: procps-ng security update Advisory ID: RHSA-2020:1265-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1265 Issue date: 2020-04-01 CVE Names: CVE-2018-1122 =====================================================================
1. Summary:
An update for procps-ng is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, s390x, x86_64
3. Description:
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1575466 - CVE-2018-1122 procps-ng, procps: Local privilege escalation in top
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):
Source: procps-ng-3.3.10-17.el7_5.4.src.rpm
x86_64: procps-ng-3.3.10-17.el7_5.4.i686.rpm procps-ng-3.3.10-17.el7_5.4.x86_64.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.i686.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):
x86_64: procps-ng-debuginfo-3.3.10-17.el7_5.4.i686.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.x86_64.rpm procps-ng-devel-3.3.10-17.el7_5.4.i686.rpm procps-ng-devel-3.3.10-17.el7_5.4.x86_64.rpm procps-ng-i18n-3.3.10-17.el7_5.4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: procps-ng-3.3.10-17.el7_5.4.src.rpm
ppc64: procps-ng-3.3.10-17.el7_5.4.ppc.rpm procps-ng-3.3.10-17.el7_5.4.ppc64.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.ppc.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.ppc64.rpm
ppc64le: procps-ng-3.3.10-17.el7_5.4.ppc64le.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.ppc64le.rpm
s390x: procps-ng-3.3.10-17.el7_5.4.s390.rpm procps-ng-3.3.10-17.el7_5.4.s390x.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.s390.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.s390x.rpm
x86_64: procps-ng-3.3.10-17.el7_5.4.i686.rpm procps-ng-3.3.10-17.el7_5.4.x86_64.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.i686.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.5):
ppc64: procps-ng-debuginfo-3.3.10-17.el7_5.4.ppc.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.ppc64.rpm procps-ng-devel-3.3.10-17.el7_5.4.ppc.rpm procps-ng-devel-3.3.10-17.el7_5.4.ppc64.rpm procps-ng-i18n-3.3.10-17.el7_5.4.ppc64.rpm
ppc64le: procps-ng-debuginfo-3.3.10-17.el7_5.4.ppc64le.rpm procps-ng-devel-3.3.10-17.el7_5.4.ppc64le.rpm procps-ng-i18n-3.3.10-17.el7_5.4.ppc64le.rpm
s390x: procps-ng-debuginfo-3.3.10-17.el7_5.4.s390.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.s390x.rpm procps-ng-devel-3.3.10-17.el7_5.4.s390.rpm procps-ng-devel-3.3.10-17.el7_5.4.s390x.rpm procps-ng-i18n-3.3.10-17.el7_5.4.s390x.rpm
x86_64: procps-ng-debuginfo-3.3.10-17.el7_5.4.i686.rpm procps-ng-debuginfo-3.3.10-17.el7_5.4.x86_64.rpm procps-ng-devel-3.3.10-17.el7_5.4.i686.rpm procps-ng-devel-3.3.10-17.el7_5.4.x86_64.rpm procps-ng-i18n-3.3.10-17.el7_5.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-1122 https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXoRR/9zjgjWX9erEAQh/8g//fSR6Hg1EqjoRtuyjEFmvU0RjSGpmanxl 42wz0QKnFcwev8BLJkoxgC7txKQ4mPvfwt5XiCu0aqtfMVHOKGJ7+WKIHeG2FR5p jLKtlk9HUN7KnkvmHP1hIN4lfqf4LBmGUYeq2/3AzlN7YB+jdgnfqYwkya02xx8i T9xrUlOZ+kPT5fcqcwTU25Nnj0smw+OqRGG4T5f14EmoHn+cAfvOu2+k6Qa4t723 9c5hn4wqcBRx1UHisR45SX2aom6WkbGcedkL8SbTi55TT6vUvkhPYzXxbXHa00Sy 4b/KwhIkTCj0dnNYrjUl5efRDwZiPfeMEAQhGf79ugfM2A5KSSjcXF1rpFAnn2cD /EI8r8dn0REeIH2VxasmA8GsKXtr1Ye+LUDcd/2ZIicOeEs41I9HQKXCcI3eyq2V +45QOw2FGFq2UIEIglIjXYsSCGU2BvXyqrbfSXeZQurW2/9f0X9PdGtMLmJveVw+ fSo6KgtzWUHjaJewMKPAvszxqR6CFcpCdrDXa6yQJBjXz7dit2G04DsK4J9FWOBG 81/WNVNFVWFe+OXwUdn/KXjg7LlxlA1dVzURhwmsQzlgj3jk2FokdkYqxYrlqDQ4 iDtF+EOLci2AgEk+oZM0y8s2k6tATERahdNlfof2UyIoUOjfOrCX3PwgeV70IrWc CgGsJuGiizc= =k7f+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|