Security update for procps SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1848-1 Final 1 1 2018-06-29T07:13:16Z current 2018-06-29T07:13:16Z 2018-06-29T07:13:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for procps This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00051.html E-Mail link for openSUSE-SU-2018:1848-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libprocps3-3.3.9-20.1 procps-3.3.9-20.1 procps-devel-3.3.9-20.1 libprocps3-3.3.9-20.1 as a component of openSUSE Leap 42.3 procps-3.3.9-20.1 as a component of openSUSE Leap 42.3 procps-devel-3.3.9-20.1 as a component of openSUSE Leap 42.3 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. CVE-2018-1122 openSUSE Leap 42.3:libprocps3-3.3.9-20.1 openSUSE Leap 42.3:procps-3.3.9-20.1 openSUSE Leap 42.3:procps-devel-3.3.9-20.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00051.html https://www.suse.com/security/cve/CVE-2018-1122.html CVE-2018-1122 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). CVE-2018-1123 openSUSE Leap 42.3:libprocps3-3.3.9-20.1 openSUSE Leap 42.3:procps-3.3.9-20.1 openSUSE Leap 42.3:procps-devel-3.3.9-20.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00051.html https://www.suse.com/security/cve/CVE-2018-1123.html CVE-2018-1123 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. CVE-2018-1124 openSUSE Leap 42.3:libprocps3-3.3.9-20.1 openSUSE Leap 42.3:procps-3.3.9-20.1 openSUSE Leap 42.3:procps-devel-3.3.9-20.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00051.html https://www.suse.com/security/cve/CVE-2018-1124.html CVE-2018-1124 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. CVE-2018-1125 openSUSE Leap 42.3:libprocps3-3.3.9-20.1 openSUSE Leap 42.3:procps-3.3.9-20.1 openSUSE Leap 42.3:procps-devel-3.3.9-20.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00051.html https://www.suse.com/security/cve/CVE-2018-1125.html CVE-2018-1125 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. CVE-2018-1126 openSUSE Leap 42.3:libprocps3-3.3.9-20.1 openSUSE Leap 42.3:procps-3.3.9-20.1 openSUSE Leap 42.3:procps-devel-3.3.9-20.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00051.html https://www.suse.com/security/cve/CVE-2018-1126.html CVE-2018-1126 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092100 SUSE Bug 1092100 https://bugzilla.suse.com/1093158 SUSE Bug 1093158 https://bugzilla.suse.com/1123135 SUSE Bug 1123135 https://bugzilla.suse.com/1126909 SUSE Bug 1126909