openSUSE Security Update : procps (openSUSE-2019-2376)

High Nessus Plugin ID 130333

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for procps fixes the following issues:

procps was updated to 3.3.15. (bsc#1092100)

The following security issues were fixed:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).

- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).

- CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).

- CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).

- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

This non-security issue was also fixed:

- Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes:

- library: Increment to 8:0:1. No removals, no new functions. Changes: slab and pid structures

- library: Just check for SIGLOST and don't delete it

- library: Fix integer overflow and LPE in file2strvec CVE-2018-1124

- library: Use size_t for alloc functions CVE-2018-1126

- library: Increase comm size to 64

- pgrep: Fix stack-based buffer overflow CVE-2018-1125

- pgrep: Remove >15 warning as comm can be longer

- ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123

- ps: Increase command name selection field to 64

- top: Don't use cwd for location of config CVE-2018-1122

- update translations

- library: build on non-glibc systems

- free: fix scaling on 32-bit systems

- Revert 'Support running with child namespaces'

- library: Increment to 7:0:1. No changes, no removals. New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler

- doc: Document I idle state in ps.1 and top.1

- free: fix some of the SI multiples

- kill: -l space between name parses correctly

- library: don't use vm_min_free on non Linux

- library: don't strip off wchan prefixes (ps & top)

- pgrep: warn about 15+ char name only if -f not used

- pgrep/pkill: only match in same namespace by default

- pidof: specify separator between pids

- pkill: Return 0 only if we can kill process

- pmap: fix duplicate output line under '-x' option

- ps: avoid eip/esp address truncations

- ps: recognizes SCHED_DEADLINE as valid CPU scheduler

- ps: display NUMA node under which a thread ran

- ps: Add seconds display for cputime and time

- ps: Add LUID field

- sysctl: Permit empty string for value

- sysctl: Don't segv when file not available

- sysctl: Read and write large buffers

- top: add config file support for XDG specification

- top: eliminated minor libnuma memory leak

- top: show fewer memory decimal places (configurable)

- top: provide command line switch for memory scaling

- top: provide command line switch for CPU States

- top: provides more accurate cpu usage at startup

- top: display NUMA node under which a thread ran

- top: fix argument parsing quirk resulting in SEGV

- top: delay interval accepts non-locale radix point

- top: address a wishlist man page NLS suggestion

- top: fix potential distortion in 'Mem' graph display

- top: provide proper multi-byte string handling

- top: startup defaults are fully customizable

- watch: define HOST_NAME_MAX where not defined

- vmstat: Fix alignment for disk partition format

- watch: Support ANSI 39,49 reset sequences

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected procps packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1092100

https://bugzilla.opensuse.org/show_bug.cgi?id=1121753

Plugin Details

Severity: High

ID: 130333

File Name: openSUSE-2019-2376.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2019/10/28

Updated: 2019/12/18

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libprocps7, p-cpe:/a:novell:opensuse:libprocps7-debuginfo, p-cpe:/a:novell:opensuse:procps, p-cpe:/a:novell:opensuse:procps-debuginfo, p-cpe:/a:novell:opensuse:procps-debugsource, p-cpe:/a:novell:opensuse:procps-devel, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/10/26

Vulnerability Publication Date: 2018/05/23

Reference Information

CVE: CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126