Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for procps (Important) |
Description: |
This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
The following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).
The following non-security issue was also fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
  No removals, no new functions
  Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
  No changes, no removals
  New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1046305 1046306 1050252 1050549 1051510 1054610 1055121 1056658 1056662 1056787 1060463 1063638 1065600 1070995 1071995 1076530 1078355 1082943 1083548 1083647 1084216 1086095 1086282 1086301 1086313 1086314 1086323 1087082 1087092 1088133 1092100 1094555 1096180 1096368 1098382 1098425 1098995 1103203 1103429 1104353 1105606 1106105 1106434 1106699 1106811 1107078 1107665 1108101 1108870 1109695 1110096 1110705 1111666 1113042 1113712 1113722 1113939 1114279 1114585 1117108 1117155 1117645 1118338 1119019 1119086 1119766 1119843 1120008 1120318 1120601 1120758 1120854 1120902 1120909 1120955 1121317 1121726 1121753 1121789 1121805 1122019 1122192 1122324 1122554 1122662 1122764 1122779 1122822 1122885 1122927 1122944 1122971 1122982 1123060 1123061 1123161 1123317 1123348 1123357 1123456 1123538 1123697 1123882 1123933 1124055 1124204 1124235 1124579 1124589 1124728 1124732 1124735 1124969 1124974 1124975 1124976 1124978 1124979 1124980 1124981 1124982 1124984 1124985 1125109 1125125 1125252 1125315 1125410 1125614 1125728 1125780 1125797 1125799 1125800 1125907 1125947 1126131 1126209 1126389 1126393 1126476 1126480 1126481 1126488 1126495 1126555 1126579 1126789 1126790 1126802 1126803 1126804 1126805 1126806 1126807 1127042 1127062 1127082 1127154 1127285 1127286 1127307 1127363 1127493 1127494 1127495 1127496 1127497 1127498 1127534 1127561 1127567 1127595 1127603 1127682 1127731 1127750 1127836 1127961 1128094 1128166 1128351 1128451 1128895 1129046 1129080 1129163 1129179 1129181 1129182 1129183 1129184 1129205 1129281 1129284 1129285 1129291 1129292 1129293 1129294 1129295 1129296 1129326 1129327 1129330 1129363 1129366 1129497 1129519 1129543 1129547 1129551 1129581 1129625 1129664 1129739 1129923 1136446 1137597 1137835 1140747 1141063 1146569 1146571 1146572 1146702 1153451 1153459 1153666 1157652 1158108 1158109 1158328 1160467 1160468 1160968 1162972 1171862 1174538 824948 CVE-2017-15134 CVE-2017-15135 CVE-2018-10850 
CVE-2018-10935 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-11439 CVE-2018-14624 CVE-2018-20669 CVE-2019-11477 CVE-2019-11478 CVE-2019-11745 CVE-2019-12779 CVE-2019-13722 CVE-2019-14857 CVE-2019-14861 CVE-2019-14870 CVE-2019-14896 CVE-2019-14897 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17041 CVE-2019-17042 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-3824 CVE-2019-3846 CVE-2019-4732 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 CVE-2020-12823 CVE-2020-15652 CVE-2020-15659 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 CVE-2020-6463 CVE-2020-6514 SUSE-SU-2019:0639-1 SUSE-SU-2019:0784-1 SUSE-SU-2019:1207-2 SUSE-SU-2019:1374-2 SUSE-SU-2019:1791-1 SUSE-SU-2019:2452-1 SUSE-SU-2019:2730-1 SUSE-SU-2019:2934-1 SUSE-SU-2019:2937-1 SUSE-SU-2019:3319-1 SUSE-SU-2019:3337-1 SUSE-SU-2020:0466-1
|
Platform(s): | SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed AND gd-2.0.36.RC1-52.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
kernel-default-3.0.101-71 is installed
OR kernel-default-base-3.0.101-71 is installed
OR kernel-default-devel-3.0.101-71 is installed
OR kernel-default-extra-3.0.101-71 is installed
OR kernel-pae-3.0.101-71 is installed
OR kernel-pae-base-3.0.101-71 is installed
OR kernel-pae-devel-3.0.101-71 is installed
OR kernel-pae-extra-3.0.101-71 is installed
OR kernel-source-3.0.101-71 is installed
OR kernel-syms-3.0.101-71 is installed
OR kernel-trace-3.0.101-71 is installed
OR kernel-trace-devel-3.0.101-71 is installed
OR kernel-xen-3.0.101-71 is installed
OR kernel-xen-base-3.0.101-71 is installed
OR kernel-xen-devel-3.0.101-71 is installed
OR kernel-xen-extra-3.0.101-71 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
libopenssl1_0_0-1.0.1i-2 is installed
OR libopenssl1_0_0-32bit-1.0.1i-2 is installed
OR openssl-1.0.1i-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND dracut-037-66 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND ctags-5.8-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND cifs-utils-6.5-8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
libICE6-1.0.8-12 is installed
OR libICE6-32bit-1.0.8-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 is installed
AND Package Information
libprocps7-3.3.15-7.7 is installed
OR procps-3.3.15-7.7 is installed
OR procps-devel-3.3.15-7.7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 15 is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr6.5-3.33 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr6.5-3.33 is installed
OR java-1_8_0-ibm-devel-1.8.0_sr6.5-3.33 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr6.5-3.33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-livepatch-4_12_14-25_19-default-7-2 is installed
OR kernel-livepatch-SLE15_Update_5-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
AND Package Information
kernel-livepatch-4_12_14-197_26-default-2-2 is installed
OR kernel-livepatch-SLE15-SP1_Update_7-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
AND Package Information
kernel-default-4.12.14-150.14 is installed
OR kernel-default-base-4.12.14-150.14 is installed
OR kernel-docs-4.12.14-150.14 is installed
OR kernel-docs-html-4.12.14-150.14 is installed
OR kernel-obs-qa-4.12.14-150.14 is installed
OR kselftests-kmp-default-4.12.14-150.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
AND Package Information
libtag1-32bit-1.11.1-4.3 is installed
OR libtag_c0-32bit-1.11.1-4.3 is installed
OR taglib-1.11.1-4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
AND Package Information
MozillaThunderbird-68.11.0-3.91 is installed
OR MozillaThunderbird-translations-common-68.11.0-3.91 is installed
OR MozillaThunderbird-translations-other-68.11.0-3.91 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
AND Package Information
libsamba-policy0-4.9.5+git.224.86a8e66adea-3.18 is installed
OR samba-4.9.5+git.224.86a8e66adea-3.18 is installed
OR samba-ad-dc-4.9.5+git.224.86a8e66adea-3.18 is installed
OR samba-dsdb-modules-4.9.5+git.224.86a8e66adea-3.18 is installed
OR samba-libs-python-4.9.5+git.224.86a8e66adea-3.18 is installed
OR samba-python-4.9.5+git.224.86a8e66adea-3.18 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
AND Package Information
389-ds-1.4.0.3-4.7 is installed
OR 389-ds-devel-1.4.0.3-4.7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
AND Package Information
nodejs10-10.19.0-1.18 is installed
OR nodejs10-devel-10.19.0-1.18 is installed
OR nodejs10-docs-10.19.0-1.18 is installed
OR npm10-10.19.0-1.18 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND python-imaging-1.1.7-21 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
xen-4.5.5_14-22.25 is installed
OR xen-doc-html-4.5.5_14-22.25 is installed
OR xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25 is installed
OR xen-libs-4.5.5_14-22.25 is installed
OR xen-libs-32bit-4.5.5_14-22.25 is installed
OR xen-tools-4.5.5_14-22.25 is installed
OR xen-tools-domU-4.5.5_14-22.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
apache-commons-beanutils-1.9.2-1 is installed
OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libdcerpc-atsvc0-4.2.4-28.29 is installed
OR samba-4.2.4-28.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kernel-default-4.4.121-92.85 is installed
OR kernel-default-base-4.4.121-92.85 is installed
OR kernel-default-devel-4.4.121-92.85 is installed
OR kernel-devel-4.4.121-92.85 is installed
OR kernel-macros-4.4.121-92.85 is installed
OR kernel-source-4.4.121-92.85 is installed
OR kernel-syms-4.4.121-92.85 is installed
OR kgraft-patch-4_4_121-92_85-default-1-3.5 is installed
OR kgraft-patch-SLE12-SP2_Update_23-1-3.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
apache2-2.4.23-29.27 is installed
OR apache2-doc-2.4.23-29.27 is installed
OR apache2-example-pages-2.4.23-29.27 is installed
OR apache2-prefork-2.4.23-29.27 is installed
OR apache2-utils-2.4.23-29.27 is installed
OR apache2-worker-2.4.23-29.27 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libapr-util1-1.5.3-1 is installed
OR libapr-util1-dbd-sqlite3-1.5.3-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libpython3_4m1_0-3.4.6-25.29 is installed
OR python3-3.4.6-25.29 is installed
OR python3-base-3.4.6-25.29 is installed
OR python3-curses-3.4.6-25.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_156-94_64-default-7-2 is installed
OR kgraft-patch-SLE12-SP3_Update_20-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
accountsservice-0.6.42-16.8 is installed
OR accountsservice-lang-0.6.42-16.8 is installed
OR libaccountsservice0-0.6.42-16.8 is installed
OR typelib-1_0-AccountsService-1_0-0.6.42-16.8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 15-LTSS is installed
AND Package Information
libldap-2_4-2-2.4.46-9.31 is installed
OR libldap-2_4-2-32bit-2.4.46-9.31 is installed
OR libldap-data-2.4.46-9.31 is installed
OR openldap2-2.4.46-9.31 is installed
OR openldap2-back-meta-2.4.46-9.31 is installed
OR openldap2-back-perl-2.4.46-9.31 is installed
OR openldap2-client-2.4.46-9.31 is installed
OR openldap2-devel-2.4.46-9.31 is installed
OR openldap2-devel-32bit-2.4.46-9.31 is installed
OR openldap2-devel-static-2.4.46-9.31 is installed
OR openldap2-ppolicy-check-password-1.2-9.31 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server for SAP Applications 15 is installed
AND Package Information
java-11-openjdk-11.0.7.0-3.42 is installed
OR java-11-openjdk-demo-11.0.7.0-3.42 is installed
OR java-11-openjdk-devel-11.0.7.0-3.42 is installed
OR java-11-openjdk-headless-11.0.7.0-3.42 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 is installed
AND Package Information
PackageKit-1.1.10-4.10 is installed
OR PackageKit-gstreamer-plugin-1.1.10-4.10 is installed
OR PackageKit-gtk3-module-1.1.10-4.10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
AND Package Information
libixion-0.14.1-4.3 is installed
OR libixion-0_14-0-0.14.1-4.3 is installed
OR liborcus-0.14.1-3.3 is installed
OR liborcus-0_14-0-0.14.1-3.3 is installed
OR liborcus-devel-0.14.1-3.3 is installed
OR myspell-af_ZA-20190423-3.9 is installed
OR myspell-ar-20190423-3.9 is installed
OR myspell-bg_BG-20190423-3.9 is installed
OR myspell-bn_BD-20190423-3.9 is installed
OR myspell-br_FR-20190423-3.9 is installed
OR myspell-ca-20190423-3.9 is installed
OR myspell-cs_CZ-20190423-3.9 is installed
OR myspell-da_DK-20190423-3.9 is installed
OR myspell-dictionaries-20190423-3.9 is installed
OR myspell-el_GR-20190423-3.9 is installed
OR myspell-et_EE-20190423-3.9 is installed
OR myspell-fr_FR-20190423-3.9 is installed
OR myspell-gl-20190423-3.9 is installed
OR myspell-gu_IN-20190423-3.9 is installed
OR myspell-he_IL-20190423-3.9 is installed
OR myspell-hi_IN-20190423-3.9 is installed
OR myspell-hr_HR-20190423-3.9 is installed
OR myspell-it_IT-20190423-3.9 is installed
OR myspell-lt_LT-20190423-3.9 is installed
OR myspell-lv_LV-20190423-3.9 is installed
OR myspell-nl_NL-20190423-3.9 is installed
OR myspell-nn_NO-20190423-3.9 is installed
OR myspell-pl_PL-20190423-3.9 is installed
OR myspell-pt_PT-20190423-3.9 is installed
OR myspell-si_LK-20190423-3.9 is installed
OR myspell-sk_SK-20190423-3.9 is installed
OR myspell-sl_SI-20190423-3.9 is installed
OR myspell-sr-20190423-3.9 is installed
OR myspell-sv_SE-20190423-3.9 is installed
OR myspell-te_IN-20190423-3.9 is installed
OR myspell-th_TH-20190423-3.9 is installed
OR myspell-tr_TR-20190423-3.9 is installed
OR myspell-uk_UA-20190423-3.9 is installed
OR myspell-zu_ZA-20190423-3.9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
AND Package Information
xorg-x11-server-1.20.3-22.5 is installed
OR xorg-x11-server-wayland-1.20.3-22.5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND python-Django-1.8.9-1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
kernel-default-4.4.121-92.92 is installed
OR kernel-default-base-4.4.121-92.92 is installed
OR kernel-default-devel-4.4.121-92.92 is installed
OR kernel-default-man-4.4.121-92.92 is installed
OR kernel-devel-4.4.121-92.92 is installed
OR kernel-macros-4.4.121-92.92 is installed
OR kernel-source-4.4.121-92.92 is installed
OR kernel-syms-4.4.121-92.92 is installed
OR kgraft-patch-4_4_121-92_92-default-1-3.7 is installed
OR kgraft-patch-SLE12-SP2_Update_24-1-3.7 is installed
OR lttng-modules-2.7.1-9.4 is installed
OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND cobbler-2.6.6-49.9 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
ruby2.1-rubygem-rack-1.6.11-3.3 is installed
OR rubygem-rack-1.6.11-3.3 is installed
|