RHEL 7 : procps-ng (RHSA-2019:1944)
High Nessus Plugin ID 127631
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es) :
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
SolutionUpdate the affected packages.