Vulnerability from csaf_suse
Published
2019-04-27 13:16
Modified
2019-04-27 13:16
Summary
Security update for procps
Notes
Title of the patch
Security update for procps
Description of the patch
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)
Also the following non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
Patchnames
SUSE-2019-450,SUSE-SLE-SAP-12-SP1-2019-450
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n \nThis update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n(These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)\n\nAlso the following non-security issue was fixed:\n\n- Fix CPU summary showing old data. (bsc#1121753)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-450,SUSE-SLE-SAP-12-SP1-2019-450",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0450-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0450-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190450-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0450-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005384.html"
},
{
"category": "self",
"summary": "SUSE Bug 1092100",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "self",
"summary": "SUSE Bug 1121753",
"url": "https://bugzilla.suse.com/1121753"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "Security update for procps",
"tracking": {
"current_release_date": "2019-04-27T13:16:38Z",
"generator": {
"date": "2019-04-27T13:16:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0450-2",
"initial_release_date": "2019-04-27T13:16:38Z",
"revision_history": [
{
"date": "2019-04-27T13:16:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.18.1.aarch64",
"product": {
"name": "libprocps3-3.3.9-11.18.1.aarch64",
"product_id": "libprocps3-3.3.9-11.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.18.1.aarch64",
"product": {
"name": "procps-3.3.9-11.18.1.aarch64",
"product_id": "procps-3.3.9-11.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.18.1.aarch64",
"product": {
"name": "procps-devel-3.3.9-11.18.1.aarch64",
"product_id": "procps-devel-3.3.9-11.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.18.1.i586",
"product": {
"name": "libprocps3-3.3.9-11.18.1.i586",
"product_id": "libprocps3-3.3.9-11.18.1.i586"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.18.1.i586",
"product": {
"name": "procps-3.3.9-11.18.1.i586",
"product_id": "procps-3.3.9-11.18.1.i586"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.18.1.i586",
"product": {
"name": "procps-devel-3.3.9-11.18.1.i586",
"product_id": "procps-devel-3.3.9-11.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.18.1.ppc64le",
"product": {
"name": "libprocps3-3.3.9-11.18.1.ppc64le",
"product_id": "libprocps3-3.3.9-11.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.18.1.ppc64le",
"product": {
"name": "procps-3.3.9-11.18.1.ppc64le",
"product_id": "procps-3.3.9-11.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.18.1.ppc64le",
"product": {
"name": "procps-devel-3.3.9-11.18.1.ppc64le",
"product_id": "procps-devel-3.3.9-11.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.18.1.s390",
"product": {
"name": "libprocps3-3.3.9-11.18.1.s390",
"product_id": "libprocps3-3.3.9-11.18.1.s390"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.18.1.s390",
"product": {
"name": "procps-3.3.9-11.18.1.s390",
"product_id": "procps-3.3.9-11.18.1.s390"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.18.1.s390",
"product": {
"name": "procps-devel-3.3.9-11.18.1.s390",
"product_id": "procps-devel-3.3.9-11.18.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.18.1.s390x",
"product": {
"name": "libprocps3-3.3.9-11.18.1.s390x",
"product_id": "libprocps3-3.3.9-11.18.1.s390x"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.18.1.s390x",
"product": {
"name": "procps-3.3.9-11.18.1.s390x",
"product_id": "procps-3.3.9-11.18.1.s390x"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.18.1.s390x",
"product": {
"name": "procps-devel-3.3.9-11.18.1.s390x",
"product_id": "procps-devel-3.3.9-11.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.18.1.x86_64",
"product": {
"name": "libprocps3-3.3.9-11.18.1.x86_64",
"product_id": "libprocps3-3.3.9-11.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.18.1.x86_64",
"product": {
"name": "procps-3.3.9-11.18.1.x86_64",
"product_id": "procps-3.3.9-11.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.18.1.x86_64",
"product": {
"name": "procps-devel-3.3.9-11.18.1.x86_64",
"product_id": "procps-devel-3.3.9-11.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
},
"product_reference": "procps-3.3.9-11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:16:38Z",
"details": "important"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:16:38Z",
"details": "important"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:16:38Z",
"details": "important"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:16:38Z",
"details": "important"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libprocps3-3.3.9-11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:procps-3.3.9-11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:16:38Z",
"details": "important"
}
],
"title": "CVE-2018-1126"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.