CVE-2018-1125
Vulnerability from cvelistv5
Published
2018-05-23 14:00
Modified
2024-08-05 03:51
Summary
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
References
Impacted products
Vendor | Product | Version
---|---|---
[UNKNOWN] | procps-ng, procps | procps-ng 3.3.15
suse-su-2019:2730-1
Vulnerability from csaf_suse
Published
2019-10-21 14:04
Modified
2019-10-21 14:04
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
The following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Also this non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
No removals, no new functions
Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
No changes, no removals
New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
Patchnames
SUSE-2019-2730,SUSE-SLE-Module-Basesystem-15-2019-2730,SUSE-SLE-Module-Basesystem-15-SP1-2019-2730
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", }, product_reference: "libprocps7-3.3.15-7.7.26.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libprocps7-3.3.15-7.7.26.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", }, product_reference: "libprocps7-3.3.15-7.7.26.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libprocps7-3.3.15-7.7.26.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", }, product_reference: "libprocps7-3.3.15-7.7.26.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-7.7.26.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", }, product_reference: "procps-3.3.15-7.7.26.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-7.7.26.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", }, product_reference: "procps-3.3.15-7.7.26.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-7.7.26.s390x as component of SUSE Linux Enterprise 
Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", }, product_reference: "procps-3.3.15-7.7.26.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-7.7.26.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", }, product_reference: "procps-3.3.15-7.7.26.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-7.7.26.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", }, product_reference: "procps-devel-3.3.15-7.7.26.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-7.7.26.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", }, product_reference: "procps-devel-3.3.15-7.7.26.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-7.7.26.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", }, product_reference: "procps-devel-3.3.15-7.7.26.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-7.7.26.x86_64 
as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", }, product_reference: "procps-devel-3.3.15-7.7.26.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for 
Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise 
Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 
15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-21T14:04:59Z", details: "important", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 
15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module 
for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for 
Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], threats: [ { 
category: "impact", date: "2019-10-21T14:04:59Z", details: "important", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 
15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise 
Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise 
Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-21T14:04:59Z", details: "important", }, ], 
title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE 
Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 
SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-21T14:04:59Z", details: "important", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: 
"https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 
15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE 
Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.aarch64", 
"SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:procps-devel-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:libprocps7-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-3.3.15-7.7.26.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.s390x", "SUSE Linux Enterprise Module for Basesystem 15:procps-devel-3.3.15-7.7.26.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-21T14:04:59Z", details: "important", }, ], title: "CVE-2018-1126", }, ], }
suse-su-2018:1836-1
Vulnerability from csaf_suse
Published
2018-06-28 11:44
Modified
2018-06-28 11:44
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Patchnames
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1242,SUSE-SLE-DESKTOP-12-SP3-2018-1242,SUSE-SLE-SDK-12-SP3-2018-1242,SUSE-SLE-SERVER-12-SP3-2018-1242
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "This update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. 
This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1242,SUSE-SLE-DESKTOP-12-SP3-2018-1242,SUSE-SLE-SDK-12-SP3-2018-1242,SUSE-SLE-SERVER-12-SP3-2018-1242", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1836-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:1836-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20181836-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:1836-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-June/004229.html", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE 
CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { current_release_date: "2018-06-28T11:44:22Z", generator: { date: "2018-06-28T11:44:22Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:1836-1", initial_release_date: "2018-06-28T11:44:22Z", revision_history: [ { date: "2018-06-28T11:44:22Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "procps-devel-3.3.9-11.11.1.aarch64", product: { name: "procps-devel-3.3.9-11.11.1.aarch64", product_id: "procps-devel-3.3.9-11.11.1.aarch64", }, }, { category: "product_version", name: "libprocps3-3.3.9-11.11.1.aarch64", product: { name: "libprocps3-3.3.9-11.11.1.aarch64", product_id: "libprocps3-3.3.9-11.11.1.aarch64", }, }, { category: "product_version", name: "procps-3.3.9-11.11.1.aarch64", product: { name: "procps-3.3.9-11.11.1.aarch64", product_id: "procps-3.3.9-11.11.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "procps-devel-3.3.9-11.11.1.ppc64le", product: { name: "procps-devel-3.3.9-11.11.1.ppc64le", product_id: "procps-devel-3.3.9-11.11.1.ppc64le", }, }, { category: "product_version", name: "libprocps3-3.3.9-11.11.1.ppc64le", product: { name: "libprocps3-3.3.9-11.11.1.ppc64le", product_id: "libprocps3-3.3.9-11.11.1.ppc64le", }, }, { category: "product_version", name: "procps-3.3.9-11.11.1.ppc64le", product: { name: "procps-3.3.9-11.11.1.ppc64le", product_id: "procps-3.3.9-11.11.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "procps-devel-3.3.9-11.11.1.s390x", product: { name: "procps-devel-3.3.9-11.11.1.s390x", product_id: "procps-devel-3.3.9-11.11.1.s390x", }, }, { category: "product_version", name: 
"libprocps3-3.3.9-11.11.1.s390x", product: { name: "libprocps3-3.3.9-11.11.1.s390x", product_id: "libprocps3-3.3.9-11.11.1.s390x", }, }, { category: "product_version", name: "procps-3.3.9-11.11.1.s390x", product: { name: "procps-3.3.9-11.11.1.s390x", product_id: "procps-3.3.9-11.11.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.11.1.x86_64", product: { name: "libprocps3-3.3.9-11.11.1.x86_64", product_id: "libprocps3-3.3.9-11.11.1.x86_64", }, }, { category: "product_version", name: "procps-3.3.9-11.11.1.x86_64", product: { name: "procps-3.3.9-11.11.1.x86_64", product_id: "procps-3.3.9-11.11.1.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.11.1.x86_64", product: { name: "procps-devel-3.3.9-11.11.1.x86_64", product_id: "procps-devel-3.3.9-11.11.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP3", product: { name: "SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3", product: { name: "SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", }, product_reference: "procps-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", }, product_reference: "procps-devel-3.3.9-11.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", }, product_reference: "procps-devel-3.3.9-11.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise 
Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", }, product_reference: "procps-devel-3.3.9-11.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", }, product_reference: "procps-devel-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", }, product_reference: "libprocps3-3.3.9-11.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", }, product_reference: 
"libprocps3-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", }, product_reference: "procps-3.3.9-11.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", }, product_reference: "procps-3.3.9-11.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", }, product_reference: "procps-3.3.9-11.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", }, product_reference: "procps-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { 
name: "libprocps3-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", }, product_reference: "libprocps3-3.3.9-11.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", }, product_reference: "procps-3.3.9-11.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", }, product_reference: "procps-3.3.9-11.11.1.ppc64le", relates_to_product_reference: "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", }, product_reference: "procps-3.3.9-11.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", }, product_reference: "procps-3.3.9-11.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development 
Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-06-28T11:44:22Z", details: "moderate", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 
12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-06-28T11:44:22Z", details: "moderate", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. 
This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software 
Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-06-28T11:44:22Z", details: "moderate", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, references: [ { category: 
"external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-06-28T11:44:22Z", details: "moderate", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. 
This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: 
"https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-06-28T11:44:22Z", details: "moderate", }, ], title: "CVE-2018-1126", }, ], }
suse-su-2018:2042-1
Vulnerability from csaf_suse
Published
2018-07-23 08:58
Modified
2018-07-23 08:58
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Patchnames
slessp4-procps-13699
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "This update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. 
This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n", title: "Description of the patch", }, { category: "details", text: "slessp4-procps-13699", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2042-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:2042-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20182042-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:2042-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004299.html", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { 
current_release_date: "2018-07-23T08:58:30Z", generator: { date: "2018-07-23T08:58:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:2042-1", initial_release_date: "2018-07-23T08:58:30Z", revision_history: [ { date: "2018-07-23T08:58:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "procps-3.2.7-152.31.1.i586", product: { name: "procps-3.2.7-152.31.1.i586", product_id: "procps-3.2.7-152.31.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "procps-3.2.7-152.31.1.ia64", product: { name: "procps-3.2.7-152.31.1.ia64", product_id: "procps-3.2.7-152.31.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "procps-3.2.7-152.31.1.ppc64", product: { name: "procps-3.2.7-152.31.1.ppc64", product_id: "procps-3.2.7-152.31.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "procps-3.2.7-152.31.1.s390x", product: { name: "procps-3.2.7-152.31.1.s390x", product_id: "procps-3.2.7-152.31.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "procps-3.2.7-152.31.1.x86_64", product: { name: "procps-3.2.7-152.31.1.x86_64", product_id: "procps-3.2.7-152.31.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: 
"SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", }, product_reference: "procps-3.2.7-152.31.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", }, product_reference: "procps-3.2.7-152.31.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", }, product_reference: "procps-3.2.7-152.31.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", }, product_reference: "procps-3.2.7-152.31.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", }, product_reference: "procps-3.2.7-152.31.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 
11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", }, product_reference: "procps-3.2.7-152.31.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", }, product_reference: "procps-3.2.7-152.31.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", }, product_reference: "procps-3.2.7-152.31.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", }, product_reference: "procps-3.2.7-152.31.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.2.7-152.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", }, product_reference: "procps-3.2.7-152.31.1.x86_64", 
relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { 
category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for 
SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-07-23T08:58:30Z", details: "moderate", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: 
"https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 
SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-07-23T08:58:30Z", details: "moderate", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: 
"https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 
SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-07-23T08:58:30Z", details: "moderate", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux 
Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-07-23T08:58:30Z", details: "moderate", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng 
before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 
\"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-07-23T08:58:30Z", details: "moderate", }, ], title: "CVE-2018-1126", }, ], }
suse-su-2019:0450-1
Vulnerability from csaf_suse
Published
2019-02-20 15:43
Modified
2019-02-20 15:43
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to heap
corruption in the file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY, limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)
Also the following non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
Patchnames
SUSE-2019-450,SUSE-OpenStack-Cloud-7-2019-450,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-450,SUSE-SLE-DESKTOP-12-SP3-2019-450,SUSE-SLE-DESKTOP-12-SP4-2019-450,SUSE-SLE-SAP-12-SP2-2019-450,SUSE-SLE-SDK-12-SP3-2019-450,SUSE-SLE-SDK-12-SP4-2019-450,SUSE-SLE-SERVER-12-2019-450,SUSE-SLE-SERVER-12-SP1-2019-450,SUSE-SLE-SERVER-12-SP2-2019-450,SUSE-SLE-SERVER-12-SP2-BCL-2019-450,SUSE-SLE-SERVER-12-SP3-2019-450,SUSE-SLE-SERVER-12-SP4-2019-450,SUSE-Storage-4-2019-450
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "\n \nThis update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)\n\nAlso the following non-security issue was fixed:\n\n- Fix CPU summary showing old data. 
(bsc#1121753)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-450,SUSE-OpenStack-Cloud-7-2019-450,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-450,SUSE-SLE-DESKTOP-12-SP3-2019-450,SUSE-SLE-DESKTOP-12-SP4-2019-450,SUSE-SLE-SAP-12-SP2-2019-450,SUSE-SLE-SDK-12-SP3-2019-450,SUSE-SLE-SDK-12-SP4-2019-450,SUSE-SLE-SERVER-12-2019-450,SUSE-SLE-SERVER-12-SP1-2019-450,SUSE-SLE-SERVER-12-SP2-2019-450,SUSE-SLE-SERVER-12-SP2-BCL-2019-450,SUSE-SLE-SERVER-12-SP3-2019-450,SUSE-SLE-SERVER-12-SP4-2019-450,SUSE-Storage-4-2019-450", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0450-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:0450-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20190450-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:0450-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005142.html", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: "self", summary: "SUSE Bug 1121753", url: "https://bugzilla.suse.com/1121753", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: 
"https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { current_release_date: "2019-02-20T15:43:19Z", generator: { date: "2019-02-20T15:43:19Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:0450-1", initial_release_date: "2019-02-20T15:43:19Z", revision_history: [ { date: "2019-02-20T15:43:19Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.aarch64", product: { name: "libprocps3-3.3.9-11.18.1.aarch64", product_id: "libprocps3-3.3.9-11.18.1.aarch64", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.aarch64", product: { name: "procps-3.3.9-11.18.1.aarch64", product_id: "procps-3.3.9-11.18.1.aarch64", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.aarch64", product: { name: "procps-devel-3.3.9-11.18.1.aarch64", product_id: "procps-devel-3.3.9-11.18.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.i586", product: { name: "libprocps3-3.3.9-11.18.1.i586", product_id: "libprocps3-3.3.9-11.18.1.i586", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.i586", product: { name: "procps-3.3.9-11.18.1.i586", product_id: "procps-3.3.9-11.18.1.i586", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.i586", product: { name: "procps-devel-3.3.9-11.18.1.i586", product_id: "procps-devel-3.3.9-11.18.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: 
"libprocps3-3.3.9-11.18.1.ppc64le", product: { name: "libprocps3-3.3.9-11.18.1.ppc64le", product_id: "libprocps3-3.3.9-11.18.1.ppc64le", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.ppc64le", product: { name: "procps-3.3.9-11.18.1.ppc64le", product_id: "procps-3.3.9-11.18.1.ppc64le", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.ppc64le", product: { name: "procps-devel-3.3.9-11.18.1.ppc64le", product_id: "procps-devel-3.3.9-11.18.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.s390", product: { name: "libprocps3-3.3.9-11.18.1.s390", product_id: "libprocps3-3.3.9-11.18.1.s390", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.s390", product: { name: "procps-3.3.9-11.18.1.s390", product_id: "procps-3.3.9-11.18.1.s390", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.s390", product: { name: "procps-devel-3.3.9-11.18.1.s390", product_id: "procps-devel-3.3.9-11.18.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.s390x", product: { name: "libprocps3-3.3.9-11.18.1.s390x", product_id: "libprocps3-3.3.9-11.18.1.s390x", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.s390x", product: { name: "procps-3.3.9-11.18.1.s390x", product_id: "procps-3.3.9-11.18.1.s390x", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.s390x", product: { name: "procps-devel-3.3.9-11.18.1.s390x", product_id: "procps-devel-3.3.9-11.18.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.x86_64", product: { name: "libprocps3-3.3.9-11.18.1.x86_64", product_id: "libprocps3-3.3.9-11.18.1.x86_64", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.x86_64", product: { name: "procps-3.3.9-11.18.1.x86_64", 
product_id: "procps-3.3.9-11.18.1.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.x86_64", product: { name: "procps-devel-3.3.9-11.18.1.x86_64", product_id: "procps-devel-3.3.9-11.18.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 7", product: { name: "SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:7", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP3", product: { name: "SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP4", product: { name: "SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp4", }, }, }, { category: 
"product_name", name: "SUSE Linux Enterprise Server 12-LTSS", product: { name: "SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3", product: { name: "SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4", product: { name: "SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { 
name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 4", product: { name: "SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4", product_identification_helper: { cpe: "cpe:/o:suse:ses:4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux 
Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: 
"libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", }, product_reference: "procps-devel-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-devel-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux 
Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", }, product_reference: "procps-devel-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", }, product_reference: "procps-devel-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", }, product_reference: "procps-devel-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-devel-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", }, product_reference: "procps-devel-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: 
"procps-devel-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", }, product_reference: "procps-devel-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 
12-LTSS:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 
SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux 
Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", }, product_reference: 
"libprocps3-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", }, product_reference: "procps-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as 
component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE 
Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", }, product_reference: "procps-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", 
full_product_name: { name: "libprocps3-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: "libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", }, product_reference: "procps-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", }, 
product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", }, product_reference: 
"libprocps3-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", }, product_reference: "procps-3.3.9-11.18.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", }, product_reference: "procps-3.3.9-11.18.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", }, product_reference: "procps-3.3.9-11.18.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise 
Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux 
Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, 
references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 
12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-02-20T15:43:19Z", details: "important", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 
SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { 
category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE 
Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development 
Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-02-20T15:43:19Z", details: "important", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. 
This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE 
Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 
for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], 
}, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 
12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-02-20T15:43:19Z", details: "important", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 
SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: 
"https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-02-20T15:43:19Z", details: "important", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. 
This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: 
"SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Enterprise Storage 4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 
SP2-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server 12-LTSS:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:procps-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Software 
Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:procps-devel-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:libprocps3-3.3.9-11.18.1.x86_64", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.s390x", "SUSE OpenStack Cloud 7:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-02-20T15:43:19Z", details: "important", }, ], title: "CVE-2018-1126", }, ], }
suse-su-2018:2451-2
Vulnerability from csaf_suse
Published
2018-11-26 16:46
Modified
2018-11-26 16:46
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to heap
corruption in the file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Patchnames
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1696,SUSE-SLE-DESKTOP-12-SP3-2018-1696,SUSE-SLE-SDK-12-SP3-2018-1696,SUSE-SLE-SERVER-12-SP3-2018-1696
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "This update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. 
This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1696,SUSE-SLE-DESKTOP-12-SP3-2018-1696,SUSE-SLE-SDK-12-SP3-2018-1696,SUSE-SLE-SERVER-12-SP3-2018-1696", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2451-2.json", }, { category: "self", summary: "URL for SUSE-SU-2018:2451-2", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20182451-2/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:2451-2", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004889.html", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE 
CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { current_release_date: "2018-11-26T16:46:46Z", generator: { date: "2018-11-26T16:46:46Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:2451-2", initial_release_date: "2018-11-26T16:46:46Z", revision_history: [ { date: "2018-11-26T16:46:46Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "procps-devel-3.3.9-11.14.1.aarch64", product: { name: "procps-devel-3.3.9-11.14.1.aarch64", product_id: "procps-devel-3.3.9-11.14.1.aarch64", }, }, { category: "product_version", name: "libprocps3-3.3.9-11.14.1.aarch64", product: { name: "libprocps3-3.3.9-11.14.1.aarch64", product_id: "libprocps3-3.3.9-11.14.1.aarch64", }, }, { category: "product_version", name: "procps-3.3.9-11.14.1.aarch64", product: { name: "procps-3.3.9-11.14.1.aarch64", product_id: "procps-3.3.9-11.14.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "procps-devel-3.3.9-11.14.1.ppc64le", product: { name: "procps-devel-3.3.9-11.14.1.ppc64le", product_id: "procps-devel-3.3.9-11.14.1.ppc64le", }, }, { category: "product_version", name: "libprocps3-3.3.9-11.14.1.ppc64le", product: { name: "libprocps3-3.3.9-11.14.1.ppc64le", product_id: "libprocps3-3.3.9-11.14.1.ppc64le", }, }, { category: "product_version", name: "procps-3.3.9-11.14.1.ppc64le", product: { name: "procps-3.3.9-11.14.1.ppc64le", product_id: "procps-3.3.9-11.14.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "procps-devel-3.3.9-11.14.1.s390x", product: { name: "procps-devel-3.3.9-11.14.1.s390x", product_id: "procps-devel-3.3.9-11.14.1.s390x", }, }, { category: "product_version", name: 
"libprocps3-3.3.9-11.14.1.s390x", product: { name: "libprocps3-3.3.9-11.14.1.s390x", product_id: "libprocps3-3.3.9-11.14.1.s390x", }, }, { category: "product_version", name: "procps-3.3.9-11.14.1.s390x", product: { name: "procps-3.3.9-11.14.1.s390x", product_id: "procps-3.3.9-11.14.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.14.1.x86_64", product: { name: "libprocps3-3.3.9-11.14.1.x86_64", product_id: "libprocps3-3.3.9-11.14.1.x86_64", }, }, { category: "product_version", name: "procps-3.3.9-11.14.1.x86_64", product: { name: "procps-3.3.9-11.14.1.x86_64", product_id: "procps-3.3.9-11.14.1.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.14.1.x86_64", product: { name: "procps-devel-3.3.9-11.14.1.x86_64", product_id: "procps-devel-3.3.9-11.14.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP3", product: { name: "SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3", product: { name: "SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", }, product_reference: "procps-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", }, product_reference: "procps-devel-3.3.9-11.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", }, product_reference: "procps-devel-3.3.9-11.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise 
Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", }, product_reference: "procps-devel-3.3.9-11.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", }, product_reference: "procps-devel-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", }, product_reference: "libprocps3-3.3.9-11.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", }, product_reference: 
"libprocps3-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", }, product_reference: "procps-3.3.9-11.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", }, product_reference: "procps-3.3.9-11.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", }, product_reference: "procps-3.3.9-11.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", }, product_reference: "procps-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", }, product_reference: "libprocps3-3.3.9-11.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { 
name: "libprocps3-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", }, product_reference: "libprocps3-3.3.9-11.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", }, product_reference: "libprocps3-3.3.9-11.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", }, product_reference: "procps-3.3.9-11.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", }, product_reference: "procps-3.3.9-11.14.1.ppc64le", relates_to_product_reference: "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", }, product_reference: "procps-3.3.9-11.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", }, product_reference: "procps-3.3.9-11.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development 
Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-11-26T16:46:46Z", details: "moderate", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 
12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-11-26T16:46:46Z", details: "moderate", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. 
This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software 
Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-11-26T16:46:46Z", details: "moderate", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, references: [ { category: 
"external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-11-26T16:46:46Z", details: "moderate", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. 
This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: 
"https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-11-26T16:46:46Z", details: "moderate", }, ], title: "CVE-2018-1126", }, ], }
suse-su-2019:0450-2
Vulnerability from csaf_suse
Published
2019-04-27 13:16
Modified
2019-04-27 13:16
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)
Also the following non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
Patchnames
SUSE-2019-450,SUSE-SLE-SAP-12-SP1-2019-450
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "\n \nThis update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)\n\nAlso the following non-security issue was fixed:\n\n- Fix CPU summary showing old data. 
(bsc#1121753)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-450,SUSE-SLE-SAP-12-SP1-2019-450", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0450-2.json", }, { category: "self", summary: "URL for SUSE-SU-2019:0450-2", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20190450-2/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:0450-2", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005384.html", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: "self", summary: "SUSE Bug 1121753", url: "https://bugzilla.suse.com/1121753", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { current_release_date: "2019-04-27T13:16:38Z", generator: { date: "2019-04-27T13:16:38Z", 
engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:0450-2", initial_release_date: "2019-04-27T13:16:38Z", revision_history: [ { date: "2019-04-27T13:16:38Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.aarch64", product: { name: "libprocps3-3.3.9-11.18.1.aarch64", product_id: "libprocps3-3.3.9-11.18.1.aarch64", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.aarch64", product: { name: "procps-3.3.9-11.18.1.aarch64", product_id: "procps-3.3.9-11.18.1.aarch64", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.aarch64", product: { name: "procps-devel-3.3.9-11.18.1.aarch64", product_id: "procps-devel-3.3.9-11.18.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.i586", product: { name: "libprocps3-3.3.9-11.18.1.i586", product_id: "libprocps3-3.3.9-11.18.1.i586", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.i586", product: { name: "procps-3.3.9-11.18.1.i586", product_id: "procps-3.3.9-11.18.1.i586", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.i586", product: { name: "procps-devel-3.3.9-11.18.1.i586", product_id: "procps-devel-3.3.9-11.18.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.ppc64le", product: { name: "libprocps3-3.3.9-11.18.1.ppc64le", product_id: "libprocps3-3.3.9-11.18.1.ppc64le", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.ppc64le", product: { name: "procps-3.3.9-11.18.1.ppc64le", product_id: "procps-3.3.9-11.18.1.ppc64le", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.ppc64le", product: { name: "procps-devel-3.3.9-11.18.1.ppc64le", product_id: 
"procps-devel-3.3.9-11.18.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.s390", product: { name: "libprocps3-3.3.9-11.18.1.s390", product_id: "libprocps3-3.3.9-11.18.1.s390", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.s390", product: { name: "procps-3.3.9-11.18.1.s390", product_id: "procps-3.3.9-11.18.1.s390", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.s390", product: { name: "procps-devel-3.3.9-11.18.1.s390", product_id: "procps-devel-3.3.9-11.18.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.s390x", product: { name: "libprocps3-3.3.9-11.18.1.s390x", product_id: "libprocps3-3.3.9-11.18.1.s390x", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.s390x", product: { name: "procps-3.3.9-11.18.1.s390x", product_id: "procps-3.3.9-11.18.1.s390x", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.s390x", product: { name: "procps-devel-3.3.9-11.18.1.s390x", product_id: "procps-devel-3.3.9-11.18.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libprocps3-3.3.9-11.18.1.x86_64", product: { name: "libprocps3-3.3.9-11.18.1.x86_64", product_id: "libprocps3-3.3.9-11.18.1.x86_64", }, }, { category: "product_version", name: "procps-3.3.9-11.18.1.x86_64", product: { name: "procps-3.3.9-11.18.1.x86_64", product_id: "procps-3.3.9-11.18.1.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.9-11.18.1.x86_64", product: { name: "procps-devel-3.3.9-11.18.1.x86_64", product_id: "procps-devel-3.3.9-11.18.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 
12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", }, product_reference: "libprocps3-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", }, product_reference: "procps-3.3.9-11.18.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, 
], threats: [ { category: "impact", date: "2019-04-27T13:16:38Z", details: "important", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-04-27T13:16:38Z", details: "important", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: 
"SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-04-27T13:16:38Z", details: "important", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-04-27T13:16:38Z", details: 
"important", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, 
products: [ "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-04-27T13:16:38Z", details: "important", }, ], title: "CVE-2018-1126", }, ], }
opensuse-su-2024:12565-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libproc2-0-4.0.2-1.1 on GA media
Notes
Title of the patch
libproc2-0-4.0.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the libproc2-0-4.0.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12565
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libproc2-0-4.0.2-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libproc2-0-4.0.2-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-12565", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12565-1.json", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "libproc2-0-4.0.2-1.1 on GA media", tracking: { current_release_date: 
"2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:12565-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libproc2-0-4.0.2-1.1.aarch64", product: { name: "libproc2-0-4.0.2-1.1.aarch64", product_id: "libproc2-0-4.0.2-1.1.aarch64", }, }, { category: "product_version", name: "procps4-4.0.2-1.1.aarch64", product: { name: "procps4-4.0.2-1.1.aarch64", product_id: "procps4-4.0.2-1.1.aarch64", }, }, { category: "product_version", name: "procps4-devel-4.0.2-1.1.aarch64", product: { name: "procps4-devel-4.0.2-1.1.aarch64", product_id: "procps4-devel-4.0.2-1.1.aarch64", }, }, { category: "product_version", name: "procps4-lang-4.0.2-1.1.aarch64", product: { name: "procps4-lang-4.0.2-1.1.aarch64", product_id: "procps4-lang-4.0.2-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libproc2-0-4.0.2-1.1.ppc64le", product: { name: "libproc2-0-4.0.2-1.1.ppc64le", product_id: "libproc2-0-4.0.2-1.1.ppc64le", }, }, { category: "product_version", name: "procps4-4.0.2-1.1.ppc64le", product: { name: "procps4-4.0.2-1.1.ppc64le", product_id: "procps4-4.0.2-1.1.ppc64le", }, }, { category: "product_version", name: "procps4-devel-4.0.2-1.1.ppc64le", product: { name: "procps4-devel-4.0.2-1.1.ppc64le", product_id: "procps4-devel-4.0.2-1.1.ppc64le", }, }, { category: "product_version", name: "procps4-lang-4.0.2-1.1.ppc64le", product: { name: "procps4-lang-4.0.2-1.1.ppc64le", product_id: "procps4-lang-4.0.2-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libproc2-0-4.0.2-1.1.s390x", product: { name: 
"libproc2-0-4.0.2-1.1.s390x", product_id: "libproc2-0-4.0.2-1.1.s390x", }, }, { category: "product_version", name: "procps4-4.0.2-1.1.s390x", product: { name: "procps4-4.0.2-1.1.s390x", product_id: "procps4-4.0.2-1.1.s390x", }, }, { category: "product_version", name: "procps4-devel-4.0.2-1.1.s390x", product: { name: "procps4-devel-4.0.2-1.1.s390x", product_id: "procps4-devel-4.0.2-1.1.s390x", }, }, { category: "product_version", name: "procps4-lang-4.0.2-1.1.s390x", product: { name: "procps4-lang-4.0.2-1.1.s390x", product_id: "procps4-lang-4.0.2-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libproc2-0-4.0.2-1.1.x86_64", product: { name: "libproc2-0-4.0.2-1.1.x86_64", product_id: "libproc2-0-4.0.2-1.1.x86_64", }, }, { category: "product_version", name: "procps4-4.0.2-1.1.x86_64", product: { name: "procps4-4.0.2-1.1.x86_64", product_id: "procps4-4.0.2-1.1.x86_64", }, }, { category: "product_version", name: "procps4-devel-4.0.2-1.1.x86_64", product: { name: "procps4-devel-4.0.2-1.1.x86_64", product_id: "procps4-devel-4.0.2-1.1.x86_64", }, }, { category: "product_version", name: "procps4-lang-4.0.2-1.1.x86_64", product: { name: "procps4-lang-4.0.2-1.1.x86_64", product_id: "procps4-lang-4.0.2-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libproc2-0-4.0.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", }, product_reference: "libproc2-0-4.0.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { 
category: "default_component_of", full_product_name: { name: "libproc2-0-4.0.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", }, product_reference: "libproc2-0-4.0.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libproc2-0-4.0.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", }, product_reference: "libproc2-0-4.0.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libproc2-0-4.0.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", }, product_reference: "libproc2-0-4.0.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-4.0.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", }, product_reference: "procps4-4.0.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-4.0.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", }, product_reference: "procps4-4.0.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-4.0.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", }, product_reference: "procps4-4.0.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-4.0.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", }, product_reference: 
"procps4-4.0.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-devel-4.0.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", }, product_reference: "procps4-devel-4.0.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-devel-4.0.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", }, product_reference: "procps4-devel-4.0.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-devel-4.0.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", }, product_reference: "procps4-devel-4.0.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-devel-4.0.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", }, product_reference: "procps4-devel-4.0.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-lang-4.0.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", }, product_reference: "procps4-lang-4.0.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-lang-4.0.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", }, product_reference: "procps4-lang-4.0.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", 
full_product_name: { name: "procps4-lang-4.0.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", }, product_reference: "procps4-lang-4.0.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps4-lang-4.0.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", }, product_reference: "procps4-lang-4.0.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, references: [ { category: "external", summary: 
"CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE 
Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: 
"moderate", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: 
"https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE 
Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: 
"https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE 
Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. 
This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE 
Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.s390x", "openSUSE Tumbleweed:libproc2-0-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-devel-4.0.2-1.1.x86_64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.aarch64", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.ppc64le", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.s390x", "openSUSE Tumbleweed:procps4-lang-4.0.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1126", }, ], }
opensuse-su-2024:11195-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libprocps8-3.3.17-5.2 on GA media
Notes
Title of the patch
libprocps8-3.3.17-5.2 on GA media
Description of the patch
These are all security issues fixed in the libprocps8-3.3.17-5.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11195
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libprocps8-3.3.17-5.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libprocps8-3.3.17-5.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11195", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11195-1.json", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "libprocps8-3.3.17-5.2 on GA media", tracking: { current_release_date: 
"2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11195-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libprocps8-3.3.17-5.2.aarch64", product: { name: "libprocps8-3.3.17-5.2.aarch64", product_id: "libprocps8-3.3.17-5.2.aarch64", }, }, { category: "product_version", name: "procps-3.3.17-5.2.aarch64", product: { name: "procps-3.3.17-5.2.aarch64", product_id: "procps-3.3.17-5.2.aarch64", }, }, { category: "product_version", name: "procps-devel-3.3.17-5.2.aarch64", product: { name: "procps-devel-3.3.17-5.2.aarch64", product_id: "procps-devel-3.3.17-5.2.aarch64", }, }, { category: "product_version", name: "procps-lang-3.3.17-5.2.aarch64", product: { name: "procps-lang-3.3.17-5.2.aarch64", product_id: "procps-lang-3.3.17-5.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libprocps8-3.3.17-5.2.ppc64le", product: { name: "libprocps8-3.3.17-5.2.ppc64le", product_id: "libprocps8-3.3.17-5.2.ppc64le", }, }, { category: "product_version", name: "procps-3.3.17-5.2.ppc64le", product: { name: "procps-3.3.17-5.2.ppc64le", product_id: "procps-3.3.17-5.2.ppc64le", }, }, { category: "product_version", name: "procps-devel-3.3.17-5.2.ppc64le", product: { name: "procps-devel-3.3.17-5.2.ppc64le", product_id: "procps-devel-3.3.17-5.2.ppc64le", }, }, { category: "product_version", name: "procps-lang-3.3.17-5.2.ppc64le", product: { name: "procps-lang-3.3.17-5.2.ppc64le", product_id: "procps-lang-3.3.17-5.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libprocps8-3.3.17-5.2.s390x", product: { name: 
"libprocps8-3.3.17-5.2.s390x", product_id: "libprocps8-3.3.17-5.2.s390x", }, }, { category: "product_version", name: "procps-3.3.17-5.2.s390x", product: { name: "procps-3.3.17-5.2.s390x", product_id: "procps-3.3.17-5.2.s390x", }, }, { category: "product_version", name: "procps-devel-3.3.17-5.2.s390x", product: { name: "procps-devel-3.3.17-5.2.s390x", product_id: "procps-devel-3.3.17-5.2.s390x", }, }, { category: "product_version", name: "procps-lang-3.3.17-5.2.s390x", product: { name: "procps-lang-3.3.17-5.2.s390x", product_id: "procps-lang-3.3.17-5.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libprocps8-3.3.17-5.2.x86_64", product: { name: "libprocps8-3.3.17-5.2.x86_64", product_id: "libprocps8-3.3.17-5.2.x86_64", }, }, { category: "product_version", name: "procps-3.3.17-5.2.x86_64", product: { name: "procps-3.3.17-5.2.x86_64", product_id: "procps-3.3.17-5.2.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.17-5.2.x86_64", product: { name: "procps-devel-3.3.17-5.2.x86_64", product_id: "procps-devel-3.3.17-5.2.x86_64", }, }, { category: "product_version", name: "procps-lang-3.3.17-5.2.x86_64", product: { name: "procps-lang-3.3.17-5.2.x86_64", product_id: "procps-lang-3.3.17-5.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps8-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", }, product_reference: "libprocps8-3.3.17-5.2.aarch64", relates_to_product_reference: "openSUSE 
Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libprocps8-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", }, product_reference: "libprocps8-3.3.17-5.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libprocps8-3.3.17-5.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", }, product_reference: "libprocps8-3.3.17-5.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libprocps8-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", }, product_reference: "libprocps8-3.3.17-5.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", }, product_reference: "procps-3.3.17-5.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", }, product_reference: "procps-3.3.17-5.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.17-5.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", }, product_reference: "procps-3.3.17-5.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", 
}, product_reference: "procps-3.3.17-5.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", }, product_reference: "procps-devel-3.3.17-5.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", }, product_reference: "procps-devel-3.3.17-5.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.17-5.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", }, product_reference: "procps-devel-3.3.17-5.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", }, product_reference: "procps-devel-3.3.17-5.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-lang-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", }, product_reference: "procps-lang-3.3.17-5.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-lang-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", }, product_reference: "procps-lang-3.3.17-5.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: 
"default_component_of", full_product_name: { name: "procps-lang-3.3.17-5.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", }, product_reference: "procps-lang-3.3.17-5.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "procps-lang-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", }, product_reference: "procps-lang-3.3.17-5.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, references: [ { 
category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ 
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", 
details: "moderate", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for 
CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE 
Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: 
"external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE 
Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. 
This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE 
Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x", "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x", "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-1126", }, ], }
opensuse-su-2019:2379-1
Vulnerability from csaf_opensuse
Published
2019-10-26 16:24
Modified
2019-10-26 16:24
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
The following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY, limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
This non-security issue was also fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
  No removals, no new functions
  Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
  No changes, no removals
  New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2379
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "This update for procps fixes the following issues:\n\nprocps was updated to 3.3.15. (bsc#1092100)\n\nFollowing security issues were fixed:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n\nAlso this non-security issue was fixed:\n\n- Fix CPU summary showing old data. 
(bsc#1121753)\n\nThe update to 3.3.15 contains the following fixes:\n\n* library: Increment to 8:0:1\n No removals, no new functions\n Changes: slab and pid structures\n* library: Just check for SIGLOST and don't delete it\n* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124\n* library: Use size_t for alloc functions CVE-2018-1126\n* library: Increase comm size to 64\n* pgrep: Fix stack-based buffer overflow CVE-2018-1125\n* pgrep: Remove >15 warning as comm can be longer\n* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123\n* ps: Increase command name selection field to 64\n* top: Don't use cwd for location of config CVE-2018-1122\n* update translations\n* library: build on non-glibc systems\n* free: fix scaling on 32-bit systems\n* Revert 'Support running with child namespaces'\n* library: Increment to 7:0:1\n No changes, no removals\n New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler\n* doc: Document I idle state in ps.1 and top.1\n* free: fix some of the SI multiples\n* kill: -l space between name parses correctly\n* library: dont use vm_min_free on non Linux\n* library: don't strip off wchan prefixes (ps & top)\n* pgrep: warn about 15+ char name only if -f not used\n* pgrep/pkill: only match in same namespace by default\n* pidof: specify separator between pids\n* pkill: Return 0 only if we can kill process\n* pmap: fix duplicate output line under '-x' option\n* ps: avoid eip/esp address truncations\n* ps: recognizes SCHED_DEADLINE as valid CPU scheduler\n* ps: display NUMA node under which a thread ran\n* ps: Add seconds display for cputime and time\n* ps: Add LUID field\n* sysctl: Permit empty string for value\n* sysctl: Don't segv when file not available\n* sysctl: Read and write large buffers\n* top: add config file support for XDG specification\n* top: eliminated minor libnuma memory leak\n* top: show fewer memory decimal places (configurable)\n* top: provide command line switch for 
memory scaling\n* top: provide command line switch for CPU States\n* top: provides more accurate cpu usage at startup\n* top: display NUMA node under which a thread ran\n* top: fix argument parsing quirk resulting in SEGV\n* top: delay interval accepts non-locale radix point\n* top: address a wishlist man page NLS suggestion\n* top: fix potential distortion in 'Mem' graph display\n* top: provide proper multi-byte string handling\n* top: startup defaults are fully customizable\n* watch: define HOST_NAME_MAX where not defined\n* vmstat: Fix alignment for disk partition format\n* watch: Support ANSI 39,49 reset sequences\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2379", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2379-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2379-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/373YKSXQ2VINMOOBAFFGM6KATT7DSMIN/#373YKSXQ2VINMOOBAFFGM6KATT7DSMIN", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2379-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/373YKSXQ2VINMOOBAFFGM6KATT7DSMIN/#373YKSXQ2VINMOOBAFFGM6KATT7DSMIN", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: 
"self", summary: "SUSE Bug 1121753", url: "https://bugzilla.suse.com/1121753", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { current_release_date: "2019-10-26T16:24:57Z", generator: { date: "2019-10-26T16:24:57Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2379-1", initial_release_date: "2019-10-26T16:24:57Z", revision_history: [ { date: "2019-10-26T16:24:57Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libprocps7-3.3.15-lp150.5.3.1.i586", product: { name: "libprocps7-3.3.15-lp150.5.3.1.i586", product_id: "libprocps7-3.3.15-lp150.5.3.1.i586", }, }, { category: "product_version", name: "procps-3.3.15-lp150.5.3.1.i586", product: { name: "procps-3.3.15-lp150.5.3.1.i586", product_id: "procps-3.3.15-lp150.5.3.1.i586", }, }, { category: "product_version", name: "procps-devel-3.3.15-lp150.5.3.1.i586", product: { name: "procps-devel-3.3.15-lp150.5.3.1.i586", product_id: "procps-devel-3.3.15-lp150.5.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libprocps7-3.3.15-lp150.5.3.1.x86_64", product: { name: "libprocps7-3.3.15-lp150.5.3.1.x86_64", product_id: "libprocps7-3.3.15-lp150.5.3.1.x86_64", }, }, { category: 
"product_version", name: "procps-3.3.15-lp150.5.3.1.x86_64", product: { name: "procps-3.3.15-lp150.5.3.1.x86_64", product_id: "procps-3.3.15-lp150.5.3.1.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.15-lp150.5.3.1.x86_64", product: { name: "procps-devel-3.3.15-lp150.5.3.1.x86_64", product_id: "procps-devel-3.3.15-lp150.5.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.0", product: { name: "openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps7-3.3.15-lp150.5.3.1.i586 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", }, product_reference: "libprocps7-3.3.15-lp150.5.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.0", }, { category: "default_component_of", full_product_name: { name: "libprocps7-3.3.15-lp150.5.3.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", }, product_reference: "libprocps7-3.3.15-lp150.5.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.0", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-lp150.5.3.1.i586 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", }, product_reference: "procps-3.3.15-lp150.5.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.0", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-lp150.5.3.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", }, product_reference: "procps-3.3.15-lp150.5.3.1.x86_64", 
relates_to_product_reference: "openSUSE Leap 15.0", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-lp150.5.3.1.i586 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", }, product_reference: "procps-devel-3.3.15-lp150.5.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.0", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-lp150.5.3.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", }, product_reference: "procps-devel-3.3.15-lp150.5.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.0", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 
1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T16:24:57Z", details: "important", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 
3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T16:24:57Z", details: "important", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: 
"external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T16:24:57Z", details: "important", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T16:24:57Z", details: "important", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: 
"https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586", "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T16:24:57Z", details: "important", }, ], title: "CVE-2018-1126", }, ], }
opensuse-su-2019:2376-1
Vulnerability from csaf_opensuse
Published
2019-10-26 14:24
Modified
2019-10-26 14:24
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
The following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
This non-security issue was also fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
No removals, no new functions
Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
No changes, no removals
New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non-Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2376
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for procps", title: "Title of the patch", }, { category: "description", text: "This update for procps fixes the following issues:\n\nprocps was updated to 3.3.15. (bsc#1092100)\n\nFollowing security issues were fixed:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n\nAlso this non-security issue was fixed:\n\n- Fix CPU summary showing old data. 
(bsc#1121753)\n\nThe update to 3.3.15 contains the following fixes:\n\n* library: Increment to 8:0:1\n No removals, no new functions\n Changes: slab and pid structures\n* library: Just check for SIGLOST and don't delete it\n* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124\n* library: Use size_t for alloc functions CVE-2018-1126\n* library: Increase comm size to 64\n* pgrep: Fix stack-based buffer overflow CVE-2018-1125\n* pgrep: Remove >15 warning as comm can be longer\n* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123\n* ps: Increase command name selection field to 64\n* top: Don't use cwd for location of config CVE-2018-1122\n* update translations\n* library: build on non-glibc systems\n* free: fix scaling on 32-bit systems\n* Revert 'Support running with child namespaces'\n* library: Increment to 7:0:1\n No changes, no removals\n New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler\n* doc: Document I idle state in ps.1 and top.1\n* free: fix some of the SI multiples\n* kill: -l space between name parses correctly\n* library: dont use vm_min_free on non Linux\n* library: don't strip off wchan prefixes (ps & top)\n* pgrep: warn about 15+ char name only if -f not used\n* pgrep/pkill: only match in same namespace by default\n* pidof: specify separator between pids\n* pkill: Return 0 only if we can kill process\n* pmap: fix duplicate output line under '-x' option\n* ps: avoid eip/esp address truncations\n* ps: recognizes SCHED_DEADLINE as valid CPU scheduler\n* ps: display NUMA node under which a thread ran\n* ps: Add seconds display for cputime and time\n* ps: Add LUID field\n* sysctl: Permit empty string for value\n* sysctl: Don't segv when file not available\n* sysctl: Read and write large buffers\n* top: add config file support for XDG specification\n* top: eliminated minor libnuma memory leak\n* top: show fewer memory decimal places (configurable)\n* top: provide command line switch for 
memory scaling\n* top: provide command line switch for CPU States\n* top: provides more accurate cpu usage at startup\n* top: display NUMA node under which a thread ran\n* top: fix argument parsing quirk resulting in SEGV\n* top: delay interval accepts non-locale radix point\n* top: address a wishlist man page NLS suggestion\n* top: fix potential distortion in 'Mem' graph display\n* top: provide proper multi-byte string handling\n* top: startup defaults are fully customizable\n* watch: define HOST_NAME_MAX where not defined\n* vmstat: Fix alignment for disk partition format\n* watch: Support ANSI 39,49 reset sequences\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2376", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2376-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2376-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2376-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB", }, { category: "self", summary: "SUSE Bug 1092100", url: "https://bugzilla.suse.com/1092100", }, { category: 
"self", summary: "SUSE Bug 1121753", url: "https://bugzilla.suse.com/1121753", }, { category: "self", summary: "SUSE CVE CVE-2018-1122 page", url: "https://www.suse.com/security/cve/CVE-2018-1122/", }, { category: "self", summary: "SUSE CVE CVE-2018-1123 page", url: "https://www.suse.com/security/cve/CVE-2018-1123/", }, { category: "self", summary: "SUSE CVE CVE-2018-1124 page", url: "https://www.suse.com/security/cve/CVE-2018-1124/", }, { category: "self", summary: "SUSE CVE CVE-2018-1125 page", url: "https://www.suse.com/security/cve/CVE-2018-1125/", }, { category: "self", summary: "SUSE CVE CVE-2018-1126 page", url: "https://www.suse.com/security/cve/CVE-2018-1126/", }, ], title: "Security update for procps", tracking: { current_release_date: "2019-10-26T14:24:29Z", generator: { date: "2019-10-26T14:24:29Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2376-1", initial_release_date: "2019-10-26T14:24:29Z", revision_history: [ { date: "2019-10-26T14:24:29Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libprocps7-3.3.15-lp151.6.3.1.i586", product: { name: "libprocps7-3.3.15-lp151.6.3.1.i586", product_id: "libprocps7-3.3.15-lp151.6.3.1.i586", }, }, { category: "product_version", name: "procps-3.3.15-lp151.6.3.1.i586", product: { name: "procps-3.3.15-lp151.6.3.1.i586", product_id: "procps-3.3.15-lp151.6.3.1.i586", }, }, { category: "product_version", name: "procps-devel-3.3.15-lp151.6.3.1.i586", product: { name: "procps-devel-3.3.15-lp151.6.3.1.i586", product_id: "procps-devel-3.3.15-lp151.6.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libprocps7-3.3.15-lp151.6.3.1.x86_64", product: { name: "libprocps7-3.3.15-lp151.6.3.1.x86_64", product_id: "libprocps7-3.3.15-lp151.6.3.1.x86_64", }, }, { category: 
"product_version", name: "procps-3.3.15-lp151.6.3.1.x86_64", product: { name: "procps-3.3.15-lp151.6.3.1.x86_64", product_id: "procps-3.3.15-lp151.6.3.1.x86_64", }, }, { category: "product_version", name: "procps-devel-3.3.15-lp151.6.3.1.x86_64", product: { name: "procps-devel-3.3.15-lp151.6.3.1.x86_64", product_id: "procps-devel-3.3.15-lp151.6.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libprocps7-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", }, product_reference: "libprocps7-3.3.15-lp151.6.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libprocps7-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", }, product_reference: "libprocps7-3.3.15-lp151.6.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", }, product_reference: "procps-3.3.15-lp151.6.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "procps-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", }, product_reference: "procps-3.3.15-lp151.6.3.1.x86_64", 
relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", }, product_reference: "procps-devel-3.3.15-lp151.6.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "procps-devel-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", }, product_reference: "procps-devel-3.3.15-lp151.6.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2018-1122", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1122", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1122", url: "https://www.suse.com/security/cve/CVE-2018-1122", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1122", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1122", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 
1093158 for CVE-2018-1122", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1122", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1122", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1122", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T14:24:29Z", details: "important", }, ], title: "CVE-2018-1122", }, { cve: "CVE-2018-1123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1123", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1123", url: "https://www.suse.com/security/cve/CVE-2018-1123", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1123", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1123", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1123", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1123", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1123", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1123", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 
3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T14:24:29Z", details: "important", }, ], title: "CVE-2018-1123", }, { cve: "CVE-2018-1124", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1124", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1124", url: "https://www.suse.com/security/cve/CVE-2018-1124", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1124", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1124", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1124", url: "https://bugzilla.suse.com/1093158", }, { category: 
"external", summary: "SUSE Bug 1123135 for CVE-2018-1124", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1124", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1124", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T14:24:29Z", details: "important", }, ], title: "CVE-2018-1124", }, { cve: "CVE-2018-1125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1125", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1125", url: "https://www.suse.com/security/cve/CVE-2018-1125", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1125", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1125", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1125", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1125", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1125", url: "https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1125", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T14:24:29Z", details: "important", }, ], title: "CVE-2018-1125", }, { cve: "CVE-2018-1126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1126", }, ], notes: [ { category: "general", text: "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1126", url: "https://www.suse.com/security/cve/CVE-2018-1126", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-1126", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092100 for CVE-2018-1126", url: "https://bugzilla.suse.com/1092100", }, { category: "external", summary: "SUSE Bug 1093158 for CVE-2018-1126", url: "https://bugzilla.suse.com/1093158", }, { category: "external", summary: "SUSE Bug 1123135 for CVE-2018-1126", url: "https://bugzilla.suse.com/1123135", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2018-1126", url: 
"https://bugzilla.suse.com/1126909", }, { category: "external", summary: "SUSE Bug 1128955 for CVE-2018-1126", url: "https://bugzilla.suse.com/1128955", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586", "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-26T14:24:29Z", details: "important", }, ], title: "CVE-2018-1126", }, ], }
gsd-2018-1125
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
Aliases
{ GSD: { alias: "CVE-2018-1125", description: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", id: "GSD-2018-1125", references: [ "https://www.suse.com/security/cve/CVE-2018-1125.html", "https://www.debian.org/security/2018/dsa-4208", "https://ubuntu.com/security/CVE-2018-1125", "https://security.archlinux.org/CVE-2018-1125", "https://packetstormsecurity.com/files/cve/CVE-2018-1125", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2018-1125", ], details: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", id: "GSD-2018-1125", modified: "2023-12-13T01:22:36.986638Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-1125", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "procps-ng, procps", version: { version_data: [ { version_value: "procps-ng 3.3.15", }, ], }, }, ], }, vendor_name: "[UNKNOWN]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", }, ], }, impact: { cvss: [ [ { vectorString: "4.4/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", }, { name: "USN-3658-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3658-1/", }, { name: "DSA-4208", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4208", }, { name: "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", }, { name: "USN-3658-3", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3658-3/", }, { name: "104214", refsource: "BID", url: "http://www.securityfocus.com/bid/104214", }, { name: "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", refsource: "MLIST", url: "http://seclists.org/oss-sec/2018/q2/122", }, { name: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", refsource: "MISC", url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, { name: "openSUSE-SU-2019:2376", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html", }, { name: "openSUSE-SU-2019:2379", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.3.15", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-1125", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", refsource: "MISC", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", refsource: "CONFIRM", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", }, { name: "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2018/q2/122", }, { name: "DSA-4208", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4208", }, { name: "USN-3658-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3658-1/", }, { name: "104214", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104214", }, { name: "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", }, { name: "USN-3658-3", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3658-3/", }, { name: "openSUSE-SU-2019:2376", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html", }, { name: "openSUSE-SU-2019:2379", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2020-09-09T14:59Z", publishedDate: "2018-05-23T14:29Z", }, }, }
ghsa-jpw5-97m6-c8m2
Vulnerability from github
Published
2022-05-13 01:16
Modified
2022-05-13 01:16
Severity ?
Details
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
{ affected: [], aliases: [ "CVE-2018-1125", ], database_specific: { cwe_ids: [ "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2018-05-23T14:29:00Z", severity: "HIGH", }, details: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", id: "GHSA-jpw5-97m6-c8m2", modified: "2022-05-13T01:16:28Z", published: "2022-05-13T01:16:28Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1125", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", }, { type: "WEB", url: "https://usn.ubuntu.com/3658-1", }, { type: "WEB", url: "https://usn.ubuntu.com/3658-3", }, { type: "WEB", url: "https://www.debian.org/security/2018/dsa-4208", }, { type: "WEB", url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html", }, { type: "WEB", url: "http://seclists.org/oss-sec/2018/q2/122", }, { type: "WEB", url: "http://www.securityfocus.com/bid/104214", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2018-1125
Vulnerability from fkie_nvd
Published
2018-05-23 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
procps-ng_project | procps-ng | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*", matchCriteriaId: "9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B", versionEndExcluding: "3.3.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. 
This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", }, { lang: "es", value: "procps-ng en versiones anteriores a la 3.3.15 es vulnerable a un desbordamiento de búfer basado en pila en pgrep. Esta vulnerabilidad se mitiga mediante FORTIFY, ya que implica el uso de strncat() en una cadena asignada a la pila. Cuando pgrep se compila con FORTIFY (como en Red Hat Enterprise Linux y Fedora), el impacto se limita a un cierre inesperado.", }, ], id: "CVE-2018-1125", lastModified: "2024-11-21T03:59:14.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: 
"3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-23T14:29:00.343", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2018/q2/122", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104214", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3658-1/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3658-3/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4208", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2018/q2/122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3658-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3658-3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.