Security update for procps SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2376-1 Final 1 1 2019-10-26T14:24:29Z current 2019-10-26T14:24:29Z 2019-10-26T14:24:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for procps This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2376 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB E-Mail link for openSUSE-SU-2019:2376-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1121753 SUSE Bug 1121753 https://www.suse.com/security/cve/CVE-2018-1122/ SUSE CVE CVE-2018-1122 page https://www.suse.com/security/cve/CVE-2018-1123/ SUSE CVE CVE-2018-1123 page https://www.suse.com/security/cve/CVE-2018-1124/ SUSE CVE CVE-2018-1124 page https://www.suse.com/security/cve/CVE-2018-1125/ SUSE CVE CVE-2018-1125 page https://www.suse.com/security/cve/CVE-2018-1126/ SUSE CVE CVE-2018-1126 page openSUSE Leap 15.1 libprocps7-3.3.15-lp151.6.3.1 procps-3.3.15-lp151.6.3.1 procps-devel-3.3.15-lp151.6.3.1 libprocps7-3.3.15-lp151.6.3.1 as a component of openSUSE Leap 15.1 procps-3.3.15-lp151.6.3.1 as a component of openSUSE Leap 15.1 procps-devel-3.3.15-lp151.6.3.1 as a component of openSUSE Leap 15.1 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. CVE-2018-1122 openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB https://www.suse.com/security/cve/CVE-2018-1122.html CVE-2018-1122 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1128955 SUSE Bug 1128955 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). CVE-2018-1123 openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB https://www.suse.com/security/cve/CVE-2018-1123.html CVE-2018-1123 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1128955 SUSE Bug 1128955 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. CVE-2018-1124 openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB https://www.suse.com/security/cve/CVE-2018-1124.html CVE-2018-1124 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1128955 SUSE Bug 1128955 procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. CVE-2018-1125 openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB https://www.suse.com/security/cve/CVE-2018-1125.html CVE-2018-1125 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1128955 SUSE Bug 1128955 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. CVE-2018-1126 openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1 openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB https://www.suse.com/security/cve/CVE-2018-1126.html CVE-2018-1126 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1128955 SUSE Bug 1128955