Debian Bug report logs - #1042887
procps: CVE-2023-4016 ps buffer overflow
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org: Bug#1042887; Package procps. (Wed, 02 Aug 2023 12:03:04 GMT)
Acknowledgement sent to Craig Small <csmall@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org. (Wed, 02 Aug 2023 12:03:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: procps
Version: 2:4.0.3-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
We have a very scant report of a ps buffer overflow security bug.
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
We don't know the versions impacted, we don't know how to cause it. We
have that single sentence. Once (any) details are given we will update
this bug and the gitlab issue.
I made the severity important because I'm not even sure it's a real bug
yet.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4016
https://gitlab.com/procps-ng/procps/-/issues/297
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-10-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages procps depends on:
ii init-system-helpers 1.65.2
ii libc6 2.36-9+deb12u1
ii libncursesw6 6.4-4
ii libproc2-0 2:4.0.3-1
ii libtinfo6 6.4-4
Versions of packages procps recommends:
ii psmisc 23.6-1
procps suggests no packages.
-- no debconf information
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Thu Aug 3 11:55:11 2023; Machine Name: buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.