Debian Bug report logs - #899170
procps: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126
Package: src:procps;
Maintainer for src:procps is Craig Small <csmall@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 20 May 2018 09:30:01 UTC
Severity: important
Tags: security ...
The Qualys Research Labs discovered multiple vulnerabilities in procps,
a set of command line and full screen utilities for browsing procfs. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2018-1122
top read its configuration from the current working directory if no
$HOME was configured. If top were ...
Several security issues were fixed in procps-ng ...
Synopsis
Important: Red Hat Virtualization security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for RHEL-7. Red Hat Product Security h ...
Synopsis
Important: procps security update
Type/Severity
Security Advisory: Important
Topic
An update for procps is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a ...
Synopsis
Important: procps-ng security update
Type/Severity
Security Advisory: Important
Topic
An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis
Important: procps security update
Type/Severity
Security Advisory: Important
Topic
An update for procps is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: procps security update
Type/Severity
Security Advisory: Important
Topic
An update for procps is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: procps-ng security update
Type/Severity
Security Advisory: Important
Topic
An update for procps-ng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (e.g. pgrep, pkill, pidof, w). (CVE ...
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this ...
A security issue has been found in procps-ng <= 3.3.14, in the xcalloc() and xrealloc() functions, where the use of an unsigned int instead of a size_t could lead to integer overflow on 64-bit platforms ...