You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa procps

Sigurnosni nedostaci programskog paketa procps

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4208-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018 https://www.debian.org/security/faq
– ————————————————————————-

Package : procps
CVE ID : CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
CVE-2018-1126
Debian Bug : 899170

The Qualys Research Labs discovered multiple vulnerabilities in procps,
a set of command line and full screen utilities for browsing procfs. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2018-1122

top read its configuration from the current working directory if no
$HOME was configured. If top were started from a directory writable
by the attacker (such as /tmp) this could result in local privilege
escalation.

CVE-2018-1123

Denial of service against the ps invocation of another user.

CVE-2018-1124

An integer overflow in the file2strvec() function of libprocps could
result in local privilege escalation.

CVE-2018-1125

A stack-based buffer overflow in pgrep could result in denial
of service for a user using pgrep for inspecting a specially
crafted process.

CVE-2018-1126

Incorrect integer size parameters used in wrappers for standard C
allocators could cause integer truncation and lead to integer
overflow issues.

For the oldstable distribution (jessie), these problems have been fixed
in version 2:3.3.9-9+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 2:3.3.12-3+deb9u1.

We recommend that you upgrade your procps packages.

For the detailed security status of procps please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/procps

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsEOvJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QQLA//cysJZC9QFcw9FipzNT3qTGvvGXI08EzA25AhNAkvRmP/QTfJe/xh+nKG
pLFxy54BYCJfRP/mpVZXlr3i1/i5594xWoofDcvrVyhT+l2IoIXs4XhLlUalr6/+
MabPCEq2CBZ3gfJN6y6KILh/KYT4mAeMqXwqO6IcmnL2AkXI5CR4cwjaFyabheHn
VrO0geWUA9YyUOrrEaBS4LJUxs1LXCMNVD3qLRNCn063lMj3U4XXWsFbtZCmCVgZ
NMgiOm92gfTlwDRYXby7l4aWDvK5cuPhp+q7k6bepaUIElr5ijbtME7Xeqf/4peU
r1Rawz3DcxSwag6WBsaQD1aeWoMY65BP366ghIsrfO28qZkeW4SPbe1iUaiZHBGd
lmMYRkYEeJiOYvsd0XUms53pzym3AsF1IsNzzS9LgFYZvEp9DsO4M57e4UllYXiS
gCEAwJsWYOeaggN07OfhV6qRrggdiBN1fPUEgiQ30IahzCg6NCDaIgLJ7OauHPBS
xxN07Y+KnQ8oaPH3Lex1qzqKEeyUn9CV76nWbaWRtJwCyRmC3/SD5wJp94OUuAVE
LyHstcL7QrfodcZ/Ff7++Q/zEhUo8IeCtA0kspXyzemN2dE80CBERB4T+5hi0oRi
EHncQMzJ7J6DelBpUBS13TyXHrW1mVqtdtulwiWAwsScHXBY/Zo=
=9bCU
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa packagekit

Otkriven je sigurnosni nedostatak u programskom paketu packagekit za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja...

Close