{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for procps","title":"Title of the patch"},{"category":"description","text":"This update for procps fixes the following issues:\n\nprocps was updated to 3.3.15. (bsc#1092100)\n\nFollowing security issues were fixed:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n  with HOME unset in an attacker-controlled directory, the attacker could have\n  achieved privilege escalation by exploiting one of several vulnerabilities in\n  the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n  Inbuilt protection in ps maped a guard page at the end of the overflowed\n  buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n  denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n  corruption in file2strvec function. This allowed a privilege escalation for a\n  local attacker who can create entries in procfs by starting processes, which\n  could result in crashes or arbitrary code execution in proc utilities run by\n  other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n  mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n  truncation/integer overflow issues (bsc#1092100).\n\n\nAlso this non-security issue was fixed:\n\n- Fix CPU summary showing old data. (bsc#1121753)\n\nThe update to 3.3.15 contains the following fixes:\n\n* library: Increment to 8:0:1\n  No removals, no new functions\n  Changes: slab and pid structures\n* library: Just check for SIGLOST and don't delete it\n* library: Fix integer overflow and LPE in file2strvec   CVE-2018-1124\n* library: Use size_t for alloc functions                CVE-2018-1126\n* library: Increase comm size to 64\n* pgrep: Fix stack-based buffer overflow                 CVE-2018-1125\n* pgrep: Remove >15 warning as comm can be longer\n* ps: Fix buffer overflow in output buffer, causing DOS  CVE-2018-1123\n* ps: Increase command name selection field to 64\n* top: Don't use cwd for location of config              CVE-2018-1122\n* update translations\n* library: build on non-glibc systems\n* free: fix scaling on 32-bit systems\n* Revert 'Support running with child namespaces'\n* library: Increment to 7:0:1\n  No changes, no removals\n  New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler\n* doc: Document I idle state in ps.1 and top.1\n* free: fix some of the SI multiples\n* kill: -l space between name parses correctly\n* library: dont use vm_min_free on non Linux\n* library: don't strip off wchan prefixes (ps & top)\n* pgrep: warn about 15+ char name only if -f not used\n* pgrep/pkill: only match in same namespace by default\n* pidof: specify separator between pids\n* pkill: Return 0 only if we can kill process\n* pmap: fix duplicate output line under '-x' option\n* ps: avoid eip/esp address truncations\n* ps: recognizes SCHED_DEADLINE as valid CPU scheduler\n* ps: display NUMA node under which a thread ran\n* ps: Add seconds display for cputime and time\n* ps: Add LUID field\n* sysctl: Permit empty string for value\n* sysctl: Don't segv when file not available\n* sysctl: Read and write large buffers\n* top: add config file support for XDG specification\n* top: eliminated minor libnuma memory leak\n* top: show fewer memory decimal places (configurable)\n* top: provide command line switch for memory scaling\n* top: provide command line switch for CPU States\n* top: provides more accurate cpu usage at startup\n* top: display NUMA node under which a thread ran\n* top: fix argument parsing quirk resulting in SEGV\n* top: delay interval accepts non-locale radix point\n* top: address a wishlist man page NLS suggestion\n* top: fix potential distortion in 'Mem' graph display\n* top: provide proper multi-byte string handling\n* top: startup defaults are fully customizable\n* watch: define HOST_NAME_MAX where not defined\n* vmstat: Fix alignment for disk partition format\n* watch: Support ANSI 39,49 reset sequences\n\nThis update was imported from the SUSE:SLE-15:Update update project.","title":"Description of the patch"},{"category":"details","text":"openSUSE-2019-2376","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2376-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2019:2376-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2019:2376-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB"},{"category":"self","summary":"SUSE Bug 1092100","url":"https://bugzilla.suse.com/1092100"},{"category":"self","summary":"SUSE Bug 1121753","url":"https://bugzilla.suse.com/1121753"},{"category":"self","summary":"SUSE CVE CVE-2018-1122 page","url":"https://www.suse.com/security/cve/CVE-2018-1122/"},{"category":"self","summary":"SUSE CVE CVE-2018-1123 page","url":"https://www.suse.com/security/cve/CVE-2018-1123/"},{"category":"self","summary":"SUSE CVE CVE-2018-1124 page","url":"https://www.suse.com/security/cve/CVE-2018-1124/"},{"category":"self","summary":"SUSE CVE CVE-2018-1125 page","url":"https://www.suse.com/security/cve/CVE-2018-1125/"},{"category":"self","summary":"SUSE CVE CVE-2018-1126 page","url":"https://www.suse.com/security/cve/CVE-2018-1126/"}],"title":"Security update for procps","tracking":{"current_release_date":"2019-10-26T14:24:29Z","generator":{"date":"2019-10-26T14:24:29Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2019:2376-1","initial_release_date":"2019-10-26T14:24:29Z","revision_history":[{"date":"2019-10-26T14:24:29Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libprocps7-3.3.15-lp151.6.3.1.i586","product":{"name":"libprocps7-3.3.15-lp151.6.3.1.i586","product_id":"libprocps7-3.3.15-lp151.6.3.1.i586"}},{"category":"product_version","name":"procps-3.3.15-lp151.6.3.1.i586","product":{"name":"procps-3.3.15-lp151.6.3.1.i586","product_id":"procps-3.3.15-lp151.6.3.1.i586"}},{"category":"product_version","name":"procps-devel-3.3.15-lp151.6.3.1.i586","product":{"name":"procps-devel-3.3.15-lp151.6.3.1.i586","product_id":"procps-devel-3.3.15-lp151.6.3.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"libprocps7-3.3.15-lp151.6.3.1.x86_64","product":{"name":"libprocps7-3.3.15-lp151.6.3.1.x86_64","product_id":"libprocps7-3.3.15-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"procps-3.3.15-lp151.6.3.1.x86_64","product":{"name":"procps-3.3.15-lp151.6.3.1.x86_64","product_id":"procps-3.3.15-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"procps-devel-3.3.15-lp151.6.3.1.x86_64","product":{"name":"procps-devel-3.3.15-lp151.6.3.1.x86_64","product_id":"procps-devel-3.3.15-lp151.6.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.1","product":{"name":"openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libprocps7-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586"},"product_reference":"libprocps7-3.3.15-lp151.6.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"libprocps7-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64"},"product_reference":"libprocps7-3.3.15-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"procps-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586"},"product_reference":"procps-3.3.15-lp151.6.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"procps-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64"},"product_reference":"procps-3.3.15-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"procps-devel-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586"},"product_reference":"procps-devel-3.3.15-lp151.6.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"procps-devel-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"},"product_reference":"procps-devel-3.3.15-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"}]},"vulnerabilities":[{"cve":"CVE-2018-1122","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-1122"}],"notes":[{"category":"general","text":"procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-1122","url":"https://www.suse.com/security/cve/CVE-2018-1122"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-1122","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1092100 for CVE-2018-1122","url":"https://bugzilla.suse.com/1092100"},{"category":"external","summary":"SUSE Bug 1093158 for CVE-2018-1122","url":"https://bugzilla.suse.com/1093158"},{"category":"external","summary":"SUSE Bug 1123135 for CVE-2018-1122","url":"https://bugzilla.suse.com/1123135"},{"category":"external","summary":"SUSE Bug 1126909 for CVE-2018-1122","url":"https://bugzilla.suse.com/1126909"},{"category":"external","summary":"SUSE Bug 1128955 for CVE-2018-1122","url":"https://bugzilla.suse.com/1128955"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-10-26T14:24:29Z","details":"important"}],"title":"CVE-2018-1122"},{"cve":"CVE-2018-1123","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-1123"}],"notes":[{"category":"general","text":"procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-1123","url":"https://www.suse.com/security/cve/CVE-2018-1123"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-1123","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1092100 for CVE-2018-1123","url":"https://bugzilla.suse.com/1092100"},{"category":"external","summary":"SUSE Bug 1093158 for CVE-2018-1123","url":"https://bugzilla.suse.com/1093158"},{"category":"external","summary":"SUSE Bug 1123135 for CVE-2018-1123","url":"https://bugzilla.suse.com/1123135"},{"category":"external","summary":"SUSE Bug 1126909 for CVE-2018-1123","url":"https://bugzilla.suse.com/1126909"},{"category":"external","summary":"SUSE Bug 1128955 for CVE-2018-1123","url":"https://bugzilla.suse.com/1128955"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.0"},"products":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-10-26T14:24:29Z","details":"important"}],"title":"CVE-2018-1123"},{"cve":"CVE-2018-1124","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-1124"}],"notes":[{"category":"general","text":"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-1124","url":"https://www.suse.com/security/cve/CVE-2018-1124"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-1124","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1092100 for CVE-2018-1124","url":"https://bugzilla.suse.com/1092100"},{"category":"external","summary":"SUSE Bug 1093158 for CVE-2018-1124","url":"https://bugzilla.suse.com/1093158"},{"category":"external","summary":"SUSE Bug 1123135 for CVE-2018-1124","url":"https://bugzilla.suse.com/1123135"},{"category":"external","summary":"SUSE Bug 1126909 for CVE-2018-1124","url":"https://bugzilla.suse.com/1126909"},{"category":"external","summary":"SUSE Bug 1128955 for CVE-2018-1124","url":"https://bugzilla.suse.com/1128955"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-10-26T14:24:29Z","details":"important"}],"title":"CVE-2018-1124"},{"cve":"CVE-2018-1125","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-1125"}],"notes":[{"category":"general","text":"procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-1125","url":"https://www.suse.com/security/cve/CVE-2018-1125"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-1125","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1092100 for CVE-2018-1125","url":"https://bugzilla.suse.com/1092100"},{"category":"external","summary":"SUSE Bug 1093158 for CVE-2018-1125","url":"https://bugzilla.suse.com/1093158"},{"category":"external","summary":"SUSE Bug 1123135 for CVE-2018-1125","url":"https://bugzilla.suse.com/1123135"},{"category":"external","summary":"SUSE Bug 1126909 for CVE-2018-1125","url":"https://bugzilla.suse.com/1126909"},{"category":"external","summary":"SUSE Bug 1128955 for CVE-2018-1125","url":"https://bugzilla.suse.com/1128955"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.0"},"products":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-10-26T14:24:29Z","details":"important"}],"title":"CVE-2018-1125"},{"cve":"CVE-2018-1126","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-1126"}],"notes":[{"category":"general","text":"procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-1126","url":"https://www.suse.com/security/cve/CVE-2018-1126"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-1126","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1092100 for CVE-2018-1126","url":"https://bugzilla.suse.com/1092100"},{"category":"external","summary":"SUSE Bug 1093158 for CVE-2018-1126","url":"https://bugzilla.suse.com/1093158"},{"category":"external","summary":"SUSE Bug 1123135 for CVE-2018-1126","url":"https://bugzilla.suse.com/1123135"},{"category":"external","summary":"SUSE Bug 1126909 for CVE-2018-1126","url":"https://bugzilla.suse.com/1126909"},{"category":"external","summary":"SUSE Bug 1128955 for CVE-2018-1126","url":"https://bugzilla.suse.com/1128955"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586","openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-10-26T14:24:29Z","details":"important"}],"title":"CVE-2018-1126"}]}