Oval Definition:	oval:org.opensuse.security:def:56859
Revision Date: 2020-12-01 Version: 1 Title: Security update for procps (Important) Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Family: unix Class: patch Status: Reference(s): 1001367 1003800 1004477 1005555 1005558 1005562 1005564 1005566 1005569 1005581 1005582 1006539 1007501 1007766 1008318 1010685 1012382 1015400 1018088 1020353 1021868 1029497 1045327 1046554 1046555 1054849 1057950 1069708 1071471 1075697 1082943 1092100 1098599 1101644 1101645 1101651 1101656 1102959 1103411 1105402 1107829 1108145 1109137 1109330 1110286 1112142 1112143 1112144 1112146 1112147 1112152 1112153 1117645 1119019 1120691 1121698 1121753 1121805 1122821 1124728 1124732 1124735 1125315 1126768 1127155 1127758 1127961 1128166 1129080 1129179 1157028 1157482 1158675 899252 917802 917806 971804 973639 974220 979531 988903 990890 CVE-2009-5029 CVE-2011-0020 CVE-2011-0064 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9680 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-3448 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-10251 CVE-2016-1234 CVE-2016-1248 CVE-2016-1601 CVE-2016-3075 CVE-2016-3492 CVE-2016-3706 CVE-2016-4429 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7032 CVE-2016-7076 CVE-2016-7440 CVE-2016-8283 CVE-2016-9583 CVE-2016-9600 CVE-2017-1000251 CVE-2017-15274 CVE-2017-15868 CVE-2017-16939 CVE-2017-3142 CVE-2017-3143 CVE-2017-5498 CVE-2017-6850 CVE-2018-10858 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2018-13785 CVE-2018-14633 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 CVE-2019-13117 CVE-2019-16770 CVE-2019-2024 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-8375 CVE-2019-9213 SUSE-SU-2016:1138-1 SUSE-SU-2016:2904-1 SUSE-SU-2016:2933-1 SUSE-SU-2016:2942-1 SUSE-SU-2017:0953-1 SUSE-SU-2017:1736-1 SUSE-SU-2017:2790-1 SUSE-SU-2018:0252-1 SUSE-SU-2018:2320-1 SUSE-SU-2019:0049-1 SUSE-SU-2019:0450-1 SUSE-SU-2019:0828-1 SUSE-SU-2019:1030-1 SUSE-SU-2020:0081-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gnome-keyring-3.20.1-lp150.2 is installed OR gnome-keyring-lang-3.20.1-lp150.2 is installed OR gnome-keyring-pam-3.20.1-lp150.2 is installed OR libgck-modules-gnome-keyring-3.20.1-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information graphviz-2.40.1-lp151.6.3 is installed OR graphviz-addons-2.40.1-lp151.6.3 is installed OR graphviz-devel-2.40.1-lp151.6.3 is installed OR graphviz-doc-2.40.1-lp151.6.3 is installed OR graphviz-gd-2.40.1-lp151.6.3 is installed OR graphviz-gnome-2.40.1-lp151.6.3 is installed OR graphviz-guile-2.40.1-lp151.6.3 is installed OR graphviz-gvedit-2.40.1-lp151.6.3 is installed OR graphviz-java-2.40.1-lp151.6.3 is installed OR graphviz-lua-2.40.1-lp151.6.3 is installed OR graphviz-perl-2.40.1-lp151.6.3 is installed OR graphviz-php-2.40.1-lp151.6.3 is installed OR graphviz-plugins-core-2.40.1-lp151.6.3 is installed OR graphviz-python-2.40.1-lp151.6.3 is installed OR graphviz-ruby-2.40.1-lp151.6.3 is installed OR graphviz-smyrna-2.40.1-lp151.6.3 is installed OR graphviz-tcl-2.40.1-lp151.6.3 is installed OR libgraphviz6-2.40.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libprocps3-3.3.9-11.18 is installed OR procps-3.3.9-11.18 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.0-2.38 is installed OR libwebkit2gtk-4_0-37-2.24.0-2.38 is installed OR libwebkit2gtk3-lang-2.24.0-2.38 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38 is installed OR typelib-1_0-WebKit2-4_0-2.24.0-2.38 is installed OR webkit2gtk-4_0-injected-bundles-2.24.0-2.38 is installed OR webkit2gtk3-2.24.0-2.38 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND sudo-1.8.10p3-2.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information bind-9.9.9P1-62 is installed OR bind-chrootenv-9.9.9P1-62 is installed OR bind-devel-9.9.9P1-62 is installed OR bind-doc-9.9.9P1-62 is installed OR bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information glibc-2.22-49 is installed OR glibc-32bit-2.22-49 is installed OR glibc-devel-2.22-49 is installed OR glibc-devel-32bit-2.22-49 is installed OR glibc-html-2.22-49 is installed OR glibc-i18ndata-2.22-49 is installed OR glibc-info-2.22-49 is installed OR glibc-locale-2.22-49 is installed OR glibc-locale-32bit-2.22-49 is installed OR glibc-profile-2.22-49 is installed OR glibc-profile-32bit-2.22-49 is installed OR nscd-2.22-49 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libecpg6-10.5-1.3 is installed OR libpq5-10.5-1.3 is installed OR libpq5-32bit-10.5-1.3 is installed OR postgresql-init-10-17.20 is installed OR postgresql10-10.5-1.3 is installed OR postgresql10-contrib-10.5-1.3 is installed OR postgresql10-docs-10.5-1.3 is installed OR postgresql10-libs-10.5-1.3 is installed OR postgresql10-server-10.5-1.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information alsa-1.0.27.2-15 is installed OR alsa-docs-1.0.27.2-15 is installed OR libasound2-1.0.27.2-15 is installed OR libasound2-32bit-1.0.27.2-15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information gvim-7.4.326-17.6 is installed OR vim-7.4.326-17.6 is installed OR vim-data-7.4.326-17.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information nfs-client-1.3.0-34.22 is installed OR nfs-doc-1.3.0-34.22 is installed OR nfs-kernel-server-1.3.0-34.22 is installed OR nfs-utils-1.3.0-34.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND xrdp-0.9.0~git.1456906198.f422461-21.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND libwavpack1-4.60.99-5.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libdcerpc-binding0-4.4.2-38.20 is installed OR libdcerpc-binding0-32bit-4.4.2-38.20 is installed OR libdcerpc0-4.4.2-38.20 is installed OR libdcerpc0-32bit-4.4.2-38.20 is installed OR libndr-krb5pac0-4.4.2-38.20 is installed OR libndr-krb5pac0-32bit-4.4.2-38.20 is installed OR libndr-nbt0-4.4.2-38.20 is installed OR libndr-nbt0-32bit-4.4.2-38.20 is installed OR libndr-standard0-4.4.2-38.20 is installed OR libndr-standard0-32bit-4.4.2-38.20 is installed OR libndr0-4.4.2-38.20 is installed OR libndr0-32bit-4.4.2-38.20 is installed OR libnetapi0-4.4.2-38.20 is installed OR libnetapi0-32bit-4.4.2-38.20 is installed OR libsamba-credentials0-4.4.2-38.20 is installed OR libsamba-credentials0-32bit-4.4.2-38.20 is installed OR libsamba-errors0-4.4.2-38.20 is installed OR libsamba-errors0-32bit-4.4.2-38.20 is installed OR libsamba-hostconfig0-4.4.2-38.20 is installed OR libsamba-hostconfig0-32bit-4.4.2-38.20 is installed OR libsamba-passdb0-4.4.2-38.20 is installed OR libsamba-passdb0-32bit-4.4.2-38.20 is installed OR libsamba-util0-4.4.2-38.20 is installed OR libsamba-util0-32bit-4.4.2-38.20 is installed OR libsamdb0-4.4.2-38.20 is installed OR libsamdb0-32bit-4.4.2-38.20 is installed OR libsmbclient0-4.4.2-38.20 is installed OR libsmbclient0-32bit-4.4.2-38.20 is installed OR libsmbconf0-4.4.2-38.20 is installed OR libsmbconf0-32bit-4.4.2-38.20 is installed OR libsmbldap0-4.4.2-38.20 is installed OR libsmbldap0-32bit-4.4.2-38.20 is installed OR libtevent-util0-4.4.2-38.20 is installed OR libtevent-util0-32bit-4.4.2-38.20 is installed OR libwbclient0-4.4.2-38.20 is installed OR libwbclient0-32bit-4.4.2-38.20 is installed OR samba-4.4.2-38.20 is installed OR samba-client-4.4.2-38.20 is installed OR samba-client-32bit-4.4.2-38.20 is installed OR samba-doc-4.4.2-38.20 is installed OR samba-libs-4.4.2-38.20 is installed OR samba-libs-32bit-4.4.2-38.20 is installed OR samba-winbind-4.4.2-38.20 is installed OR samba-winbind-32bit-4.4.2-38.20 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information MozillaFirefox-68.2.0-109.95 is installed OR MozillaFirefox-translations-common-68.2.0-109.95 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-requests-2.20.1-4.3 is installed
BACK