Oval Definition:oval:com.redhat.rhsa:def:20181700
Revision Date:2018-05-23Version:635
Title:RHSA-2018:1700: procps-ng security update (Important)
Description:The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

Security Fix(es):

  • procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)

  • procps-ng, procps: incorrect integer size in proc/alloc.
  • leading to truncation / integer overflow issues (CVE-2018-1126)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    Red Hat would like to thank Qualys Research Labs for reporting these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2018-1124
    CVE-2018-1126
    RHSA-2018:1700
    RHSA-2018:1700-00
    RHSA-2018:1700-01
    Platform(s):Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • procps-ng is earlier than 0:3.3.10-17.el7_5.2
  • AND procps-ng is signed with Red Hat redhatrelease2 key
  • procps-ng-devel is earlier than 0:3.3.10-17.el7_5.2
  • AND procps-ng-devel is signed with Red Hat redhatrelease2 key
  • procps-ng-i18n is earlier than 0:3.3.10-17.el7_5.2
  • AND procps-ng-i18n is signed with Red Hat redhatrelease2 key
  • BACK