Test ID: | 1.3.6.1.4.1.25623.1.0.852329 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for procps (openSUSE-SU-2019:0291-1) |
Summary: | The remote host is missing an update for the 'procps' package(s) announced via the openSUSE-SU-2019:0291-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'procps' package(s) announced via the openSUSE-SU-2019:0291-1 advisory.

Vulnerability Insight: This update for procps fixes the following security issues:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)

Also the following non-security issue was fixed:

- Fix CPU summary showing old data. (bsc#1121753)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-291=1

Affected Software/OS: procps on openSUSE Leap 42.3.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1122
- BugTraq ID: 104214 http://www.securityfocus.com/bid/104214
- Debian Security Information: DSA-4208 https://www.debian.org/security/2018/dsa-4208
- https://www.exploit-db.com/exploits/44806/
- https://security.gentoo.org/glsa/201805-14
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
- https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
- http://seclists.org/oss-sec/2018/q2/122
- RedHat Security Advisories: RHSA-2019:2189 https://access.redhat.com/errata/RHSA-2019:2189
- RedHat Security Advisories: RHSA-2020:0595 https://access.redhat.com/errata/RHSA-2020:0595
- SuSE Security Announcement: openSUSE-SU-2019:2376 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
- SuSE Security Announcement: openSUSE-SU-2019:2379 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
- https://usn.ubuntu.com/3658-1/
- https://usn.ubuntu.com/3658-3/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1123
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

Common Vulnerability Exposure (CVE) ID: CVE-2018-1124
- RedHat Security Advisories: RHSA-2018:1700 https://access.redhat.com/errata/RHSA-2018:1700
- RedHat Security Advisories: RHSA-2018:1777 https://access.redhat.com/errata/RHSA-2018:1777
- RedHat Security Advisories: RHSA-2018:1820 https://access.redhat.com/errata/RHSA-2018:1820
- RedHat Security Advisories: RHSA-2018:2267 https://access.redhat.com/errata/RHSA-2018:2267
- RedHat Security Advisories: RHSA-2018:2268 https://access.redhat.com/errata/RHSA-2018:2268
- RedHat Security Advisories: RHSA-2019:1944 https://access.redhat.com/errata/RHSA-2019:1944
- RedHat Security Advisories: RHSA-2019:2401 https://access.redhat.com/errata/RHSA-2019:2401
- http://www.securitytracker.com/id/1041057
- https://usn.ubuntu.com/3658-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1125

Common Vulnerability Exposure (CVE) ID: CVE-2018-1126 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |