drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in procps
Name: |
Mehrere Probleme in procps |
|
ID: |
DSA-4208-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Di, 22. Mai 2018, 18:45 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126 |
|
Applikationen: |
procps |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4208-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : procps CVE ID : CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Debian Bug : 899170
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2018-1122
top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation.
CVE-2018-1123
Denial of service against the ps invocation of another user.
CVE-2018-1124
An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation.
CVE-2018-1125
A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process.
CVE-2018-1126
Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues.
For the oldstable distribution (jessie), these problems have been fixed in version 2:3.3.9-9+deb8u1.
For the stable distribution (stretch), these problems have been fixed in version 2:3.3.12-3+deb9u1.
We recommend that you upgrade your procps packages.
For the detailed security status of procps please refer to its security tracker page at: https://security-tracker.debian.org/tracker/procps
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsEOvJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QQLA//cysJZC9QFcw9FipzNT3qTGvvGXI08EzA25AhNAkvRmP/QTfJe/xh+nKG pLFxy54BYCJfRP/mpVZXlr3i1/i5594xWoofDcvrVyhT+l2IoIXs4XhLlUalr6/+ MabPCEq2CBZ3gfJN6y6KILh/KYT4mAeMqXwqO6IcmnL2AkXI5CR4cwjaFyabheHn VrO0geWUA9YyUOrrEaBS4LJUxs1LXCMNVD3qLRNCn063lMj3U4XXWsFbtZCmCVgZ NMgiOm92gfTlwDRYXby7l4aWDvK5cuPhp+q7k6bepaUIElr5ijbtME7Xeqf/4peU r1Rawz3DcxSwag6WBsaQD1aeWoMY65BP366ghIsrfO28qZkeW4SPbe1iUaiZHBGd lmMYRkYEeJiOYvsd0XUms53pzym3AsF1IsNzzS9LgFYZvEp9DsO4M57e4UllYXiS gCEAwJsWYOeaggN07OfhV6qRrggdiBN1fPUEgiQ30IahzCg6NCDaIgLJ7OauHPBS xxN07Y+KnQ8oaPH3Lex1qzqKEeyUn9CV76nWbaWRtJwCyRmC3/SD5wJp94OUuAVE LyHstcL7QrfodcZ/Ff7++Q/zEhUo8IeCtA0kspXyzemN2dE80CBERB4T+5hi0oRi EHncQMzJ7J6DelBpUBS13TyXHrW1mVqtdtulwiWAwsScHXBY/Zo= =9bCU -----END PGP SIGNATURE-----
|
|
|
|