Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1124 (GCVE-0-2018-1124)
Vulnerability from cvelistv5 – Published: 2018-05-23 13:00 – Updated: 2025-12-18 11:37
VLAI
EPSS
Summary
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Severity
7.3 (High)
Assigner
References
22 references
Date Public
2018-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3658-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-1124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T22:12:23.097847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:37:47.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "procps-ng",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "procps-ng 3.3.15"
}
]
}
],
"datePublic": "2018-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T23:06:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3658-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "procps-ng",
"version": {
"version_data": [
{
"version_value": "procps-ng 3.3.15"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3658-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1124",
"datePublished": "2018-05-23T13:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2025-12-18T11:37:47.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-1124",
"date": "2026-05-27",
"epss": "0.00462",
"percentile": "0.64368"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.3.15\", \"matchCriteriaId\": \"9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB48767-F095-444F-9E05-D9AC345AB803\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.6.0\", \"matchCriteriaId\": \"6CB56955-1A47-4F6C-A354-8BBAE7534504\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"}, {\"lang\": \"es\", \"value\": \"procps-ng en versiones anteriores a la 3.3.15 es vulnerable a m\\u00faltiples desbordamientos de enteros que conducen a una corrupci\\u00f3n de la memoria din\\u00e1mica (heap) en la funci\\u00f3n file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podr\\u00eda resultar en cierres inesperados o la ejecuci\\u00f3n de c\\u00f3digo arbitrario en las utilidades proc ejecutadas por otros usuarios.\"}]",
"id": "CVE-2018-1124",
"lastModified": "2024-11-21T03:59:13.937",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-05-23T13:29:00.263",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3658-1/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3658-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}, {\"lang\": \"en\", \"value\": \"CWE-190\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1124\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-05-23T13:29:00.263\",\"lastModified\":\"2024-11-21T03:59:13.937\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"},{\"lang\":\"es\",\"value\":\"procps-ng en versiones anteriores a la 3.3.15 es vulnerable a m\u00faltiples desbordamientos de enteros que conducen a una corrupci\u00f3n de la memoria din\u00e1mica (heap) en la funci\u00f3n file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podr\u00eda resultar en cierres inesperados o la ejecuci\u00f3n de c\u00f3digo arbitrario en las utilidades proc ejecutadas por otros usuarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3.15\",\"matchCriteriaId\":\"9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB48767-F095-444F-9E05-D9AC345AB803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6.0\",\"matchCriteriaId\":\"6CB56955-1A47-4F6C-A354-8BBAE7534504\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/oss-sec/2018/q2/122\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104214\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041057\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1700\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1777\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1820\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2267\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2268\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1944\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2401\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201805-14\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-2/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4208\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44806/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/oss-sec/2018/q2/122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201805-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44806/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://usn.ubuntu.com/3658-1/\", \"name\": \"USN-3658-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"name\": \"DSA-4208\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"name\": \"GLSA-201805-14\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"name\": \"44806\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"name\": \"RHSA-2018:1777\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"name\": \"[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"name\": \"RHSA-2018:2267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"name\": \"RHSA-2018:2268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"name\": \"RHSA-2018:1700\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"name\": \"104214\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"name\": \"[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"name\": \"1041057\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"name\": \"RHSA-2018:1820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"name\": \"USN-3658-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"name\": \"RHSA-2019:1944\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"name\": \"RHSA-2019:2401\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"name\": \"openSUSE-SU-2019:2376\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"name\": \"openSUSE-SU-2019:2379\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:51:48.632Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-1124\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T22:12:23.097847Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-18T11:37:42.235Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"[UNKNOWN]\", \"product\": \"procps-ng\", \"versions\": [{\"status\": \"affected\", \"version\": \"procps-ng 3.3.15\"}]}], \"datePublic\": \"2018-05-17T00:00:00.000Z\", \"references\": [{\"url\": \"https://usn.ubuntu.com/3658-1/\", \"name\": \"USN-3658-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"name\": \"DSA-4208\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"name\": \"GLSA-201805-14\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"name\": \"44806\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"name\": \"RHSA-2018:1777\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"name\": \"[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"name\": \"RHSA-2018:2267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"name\": \"RHSA-2018:2268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"name\": \"RHSA-2018:1700\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"name\": \"104214\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"name\": \"[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"name\": \"1041057\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"name\": \"RHSA-2018:1820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"name\": \"USN-3658-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"name\": \"RHSA-2019:1944\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"name\": \"RHSA-2019:2401\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"name\": \"openSUSE-SU-2019:2376\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"name\": \"openSUSE-SU-2019:2379\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2019-10-26T23:06:10.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": [[{\"version\": \"3.0\", \"vectorString\": \"7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\"}]]}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"procps-ng 3.3.15\"}]}, \"product_name\": \"procps-ng\"}]}, \"vendor_name\": \"[UNKNOWN]\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://usn.ubuntu.com/3658-1/\", \"name\": \"USN-3658-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"name\": \"DSA-4208\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"name\": \"GLSA-201805-14\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"name\": \"44806\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"name\": \"RHSA-2018:1777\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"name\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"name\": \"[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"name\": \"RHSA-2018:2267\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"name\": \"RHSA-2018:2268\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"name\": \"RHSA-2018:1700\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"name\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"name\": \"104214\", \"refsource\": \"BID\"}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"name\": \"[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"name\": \"1041057\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"name\": \"RHSA-2018:1820\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"name\": \"USN-3658-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"name\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"refsource\": \"MISC\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"name\": \"RHSA-2019:1944\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"name\": \"RHSA-2019:2401\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"name\": \"openSUSE-SU-2019:2376\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"name\": \"openSUSE-SU-2019:2379\", \"refsource\": \"SUSE\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-190\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-122\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-1124\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-1124\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-18T11:37:47.265Z\", \"dateReserved\": \"2017-12-04T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2018-05-23T13:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2018_1820
Vulnerability from csaf_redhat - Published: 2018-06-11 06:57 - Updated: 2024-11-15 00:33Summary
Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for RHEL-7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Qualys Research Labs for reporting these issues.
Bug Fix(es):
* Previously some SELinux %post scripts were not re-executed because imgbased attempts to re-execute RPM %post scripts which involve SELinux commands inside a namespace, and some commands failed due to SELinux namespacing rules.
This update ensures that SELinux contexts inside imgbased update namespaces now update appropriately, and the scripts are re-executed by remounting /sys and /sys/fs/selinux inside the update namespace. (BZ#1571607)
* Previously, vmcore files that were created by kdump were not relabelled by kdumpctl after a reboot. As a result, Rsync returned an error when trying to remove the security.selinux attribute while syncing unlabelled files, as this is forbidden by selinux.
In this release, restorecon is run on the source directory before syncing it, which enables the files to be synchronized with the correct labels. (BZ#1579141)
Enhancement(s):
* Previously, imgbased filtered out stderr from LVM commands to improve parsing reliability. In this release, imgbased now logs stderr from LVM commands in order to provide this information in the imgbased logs, for example during an upgrade failure. (BZ#1574187)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
4.8 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
20 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting these issues.\n\nBug Fix(es):\n\n* Previously some SELinux %post scripts were not re-executed because imgbased attempts to re-execute RPM %post scripts which involve SELinux commands inside a namespace, and some commands failed due to SELinux namespacing rules.\n\nThis update ensures that SELinux contexts inside imgbased update namespaces now update appropriately, and the scripts are re-executed by remounting /sys and /sys/fs/selinux inside the update namespace. (BZ#1571607)\n\n* Previously, vmcore files that were created by kdump were not relabelled by kdumpctl after a reboot. As a result, Rsync returned an error when trying to remove the security.selinux attribute while syncing unlabelled files, as this is forbidden by selinux.\n\nIn this release, restorecon is run on the source directory before syncing it, which enables the files to be synchronized with the correct labels. (BZ#1579141)\n\nEnhancement(s):\n\n* Previously, imgbased filtered out stderr from LVM commands to improve parsing reliability. In this release, imgbased now logs stderr from LVM commands in order to provide this information in the imgbased logs, for example during an upgrade failure. (BZ#1574187)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1820",
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1571607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571607"
},
{
"category": "external",
"summary": "1573334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573334"
},
{
"category": "external",
"summary": "1574187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574187"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "external",
"summary": "1575922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575922"
},
{
"category": "external",
"summary": "1579141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579141"
},
{
"category": "external",
"summary": "1582433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582433"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1820.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-15T00:33:46+00:00",
"generator": {
"date": "2024-11-15T00:33:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:1820",
"initial_release_date": "2018-06-11T06:57:24+00:00",
"revision_history": [
{
"date": "2018-06-11T06:57:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-11T06:57:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:33:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"product": {
"name": "python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"product_id": "python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-imgbased@1.0.17-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "imgbased-0:1.0.17-0.1.el7ev.noarch",
"product": {
"name": "imgbased-0:1.0.17-0.1.el7ev.noarch",
"product_id": "imgbased-0:1.0.17-0.1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.0.17-0.1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-3.1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20180531.0.el7_5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "imgbased-0:1.0.17-0.1.el7ev.src",
"product": {
"name": "imgbased-0:1.0.17-0.1.el7ev.src",
"product_id": "imgbased-0:1.0.17-0.1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/imgbased@1.0.17-0.1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"product_id": "redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-3.1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"product": {
"name": "redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"product_id": "redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20180531.0.el7_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-3.1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.2-20180531.0.el7_5.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src"
},
"product_reference": "redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.0.17-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch"
},
"product_reference": "imgbased-0:1.0.17-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "imgbased-0:1.0.17-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src"
},
"product_reference": "imgbased-0:1.0.17-0.1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-imgbased-0:1.0.17-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch"
},
"product_reference": "python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-3.1.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-11T06:57:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1126",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "RHBZ#1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-11T06:57:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.2-20180531.0.el7_5.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.0.17-0.1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.0.17-0.1.el7ev.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.2-3.1.el7.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues"
}
]
}
RHSA-2018_2267
Vulnerability from csaf_redhat - Published: 2018-07-26 12:08 - Updated: 2024-11-15 00:34Summary
Red Hat Security Advisory: procps security update
Severity
Important
Notes
Topic: An update for procps is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Qualys Research Labs for reporting these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
4.8 (Medium)
Affected products
Fixed
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
14 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procps is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2267",
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2267.json"
}
],
"title": "Red Hat Security Advisory: procps security update",
"tracking": {
"current_release_date": "2024-11-15T00:34:44+00:00",
"generator": {
"date": "2024-11-15T00:34:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2267",
"initial_release_date": "2018-07-26T12:08:22+00:00",
"revision_history": [
{
"date": "2018-07-26T12:08:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-07-26T12:08:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:34:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.x86_64",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.x86_64",
"product_id": "procps-0:3.2.8-35.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"product": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"product_id": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-35.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"product": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"product_id": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-35.el6_7.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.i686",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.i686",
"product_id": "procps-0:3.2.8-35.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"product": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"product_id": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-35.el6_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"product": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"product_id": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-35.el6_7.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.src",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.src",
"product_id": "procps-0:3.2.8-35.el6_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"product": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"product_id": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-35.el6_7.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"product": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"product_id": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-35.el6_7.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.ppc",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc",
"product_id": "procps-0:3.2.8-35.el6_7.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"product": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"product_id": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-35.el6_7.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"product": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"product_id": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-35.el6_7.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.ppc64",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc64",
"product_id": "procps-0:3.2.8-35.el6_7.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"product": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"product_id": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-35.el6_7.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"product": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"product_id": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-35.el6_7.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.s390",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.s390",
"product_id": "procps-0:3.2.8-35.el6_7.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"product": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"product_id": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-35.el6_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"product": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"product_id": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-35.el6_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-0:3.2.8-35.el6_7.1.s390x",
"product": {
"name": "procps-0:3.2.8-35.el6_7.1.s390x",
"product_id": "procps-0:3.2.8-35.el6_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-35.el6_7.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.src as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.src",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.src as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.src",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.src as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.src",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.src",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.i686",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.s390x",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-35.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.7)",
"product_id": "6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.7.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-26T12:08:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1126",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "RHBZ#1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-26T12:08:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6ComputeNode-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6ComputeNode-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.src",
"6Server-optional-6.7.EUS:procps-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-debuginfo-0:3.2.8-35.el6_7.1.x86_64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.i686",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.ppc64",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.s390x",
"6Server-optional-6.7.EUS:procps-devel-0:3.2.8-35.el6_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues"
}
]
}
RHSA-2018_2268
Vulnerability from csaf_redhat - Published: 2018-07-26 13:17 - Updated: 2024-11-15 00:34Summary
Red Hat Security Advisory: procps security update
Severity
Important
Notes
Topic: An update for procps is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Qualys Research Labs for reporting these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
4.8 (Medium)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
14 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procps is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2268",
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2268.json"
}
],
"title": "Red Hat Security Advisory: procps security update",
"tracking": {
"current_release_date": "2024-11-15T00:34:39+00:00",
"generator": {
"date": "2024-11-15T00:34:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2268",
"initial_release_date": "2018-07-26T13:17:44+00:00",
"revision_history": [
{
"date": "2018-07-26T13:17:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-07-26T13:17:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:34:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:6.6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:6.6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product": {
"name": "Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:6.6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:6.6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"product": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"product_id": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-30.el6_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"product": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"product_id": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-30.el6_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-0:3.2.8-30.el6_6.1.x86_64",
"product": {
"name": "procps-0:3.2.8-30.el6_6.1.x86_64",
"product_id": "procps-0:3.2.8-30.el6_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-30.el6_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"product": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"product_id": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-devel@3.2.8-30.el6_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"product": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"product_id": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-debuginfo@3.2.8-30.el6_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-0:3.2.8-30.el6_6.1.i686",
"product": {
"name": "procps-0:3.2.8-30.el6_6.1.i686",
"product_id": "procps-0:3.2.8-30.el6_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-30.el6_6.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-0:3.2.8-30.el6_6.1.src",
"product": {
"name": "procps-0:3.2.8-30.el6_6.1.src",
"product_id": "procps-0:3.2.8-30.el6_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps@3.2.8-30.el6_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.src",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
"product_id": "6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.src as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.src",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 6.6)",
"product_id": "6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.src",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
"product_id": "6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.src",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.i686",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-0:3.2.8-30.el6_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 6.6)",
"product_id": "6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
},
"product_reference": "procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"relates_to_product_reference": "6Server-optional-6.6.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-26T13:17:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1126",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "RHBZ#1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-26T13:17:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.AUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.AUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.src",
"6Server-optional-6.6.TUS:procps-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-debuginfo-0:3.2.8-30.el6_6.1.x86_64",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.i686",
"6Server-optional-6.6.TUS:procps-devel-0:3.2.8-30.el6_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues"
}
]
}
RHSA-2019:1944
Vulnerability from csaf_redhat - Published: 2019-07-30 09:17 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: procps-ng security update
Severity
Important
Notes
Topic: An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
4.8 (Medium)
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
14 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:1944",
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1944.json"
}
],
"title": "Red Hat Security Advisory: procps-ng security update",
"tracking": {
"current_release_date": "2025-11-21T18:09:14+00:00",
"generator": {
"date": "2025-11-21T18:09:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:1944",
"initial_release_date": "2019-07-30T09:17:00+00:00",
"revision_history": [
{
"date": "2019-07-30T09:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-07-30T09:17:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.src",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T09:17:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1126",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "RHBZ#1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T09:17:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues"
}
]
}
RHSA-2019:2401
Vulnerability from csaf_redhat - Published: 2019-08-07 11:39 - Updated: 2025-11-21 18:09Summary
Red Hat Security Advisory: procps-ng security update
Severity
Important
Notes
Topic: An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
56 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
9 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2401",
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2401.json"
}
],
"title": "Red Hat Security Advisory: procps-ng security update",
"tracking": {
"current_release_date": "2025-11-21T18:09:42+00:00",
"generator": {
"date": "2025-11-21T18:09:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2401",
"initial_release_date": "2019-08-07T11:39:40+00:00",
"revision_history": [
{
"date": "2019-08-07T11:39:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-07T11:39:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-10.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-10.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-10.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"product_id": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-10.el7_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"product": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"product_id": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-10.el7_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.src",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-07T11:39:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
}
]
}
RHSA-2019_1944
Vulnerability from csaf_redhat - Published: 2019-07-30 09:17 - Updated: 2024-11-15 00:43Summary
Red Hat Security Advisory: procps-ng security update
Severity
Important
Notes
Topic: An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
4.8 (Medium)
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
14 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\n* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:1944",
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1944.json"
}
],
"title": "Red Hat Security Advisory: procps-ng security update",
"tracking": {
"current_release_date": "2024-11-15T00:43:36+00:00",
"generator": {
"date": "2024-11-15T00:43:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:1944",
"initial_release_date": "2019-07-30T09:17:00+00:00",
"revision_history": [
{
"date": "2019-07-30T09:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-07-30T09:17:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:43:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.4::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-16.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-16.el7_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"product": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"product_id": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-16.el7_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-16.el7_4.1.src",
"product": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src",
"product_id": "procps-ng-0:3.3.10-16.el7_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-16.el7_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.4)",
"product_id": "7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4)",
"product_id": "7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.src",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.4)",
"product_id": "7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T09:17:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1126",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "RHBZ#1575853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-07-30T09:17:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7ComputeNode-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7ComputeNode-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.src",
"7Server-optional-7.4.EUS:procps-ng-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-debuginfo-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.i686",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-devel-0:3.3.10-16.el7_4.1.x86_64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.ppc64le",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.s390x",
"7Server-optional-7.4.EUS:procps-ng-i18n-0:3.3.10-16.el7_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues"
}
]
}
RHSA-2019_2401
Vulnerability from csaf_redhat - Published: 2019-08-07 11:39 - Updated: 2024-11-15 00:44Summary
Red Hat Security Advisory: procps-ng security update
Severity
Important
Notes
Topic: An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).
7.3 (High)
Affected products
Fixed
56 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
9 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.\n\nSecurity Fix(es):\n\n* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2401",
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2401.json"
}
],
"title": "Red Hat Security Advisory: procps-ng security update",
"tracking": {
"current_release_date": "2024-11-15T00:44:51+00:00",
"generator": {
"date": "2024-11-15T00:44:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2401",
"initial_release_date": "2019-08-07T11:39:40+00:00",
"revision_history": [
{
"date": "2019-08-07T11:39:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-07T11:39:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:44:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-10.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-10.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-10.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"product_id": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-10.el7_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"product": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"product_id": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-10.el7_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.src",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-debuginfo@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-devel@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng-i18n@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"product": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"product_id": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/procps-ng@3.3.10-10.el7_3.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
"product_id": "7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
"product_id": "7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)",
"product_id": "7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)",
"product_id": "7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.src",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)",
"product_id": "7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
},
"product_reference": "procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1124",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575465"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "procps: Integer overflows leading to heap overflow in file2strvec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "RHBZ#1575465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"category": "external",
"summary": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-07T11:39:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.AUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.AUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.AUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.E4S:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.ppc64le",
"7Server-optional-7.3.E4S:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.src",
"7Server-optional-7.3.TUS:procps-ng-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-debuginfo-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.i686",
"7Server-optional-7.3.TUS:procps-ng-devel-0:3.3.10-10.el7_3.1.x86_64",
"7Server-optional-7.3.TUS:procps-ng-i18n-0:3.3.10-10.el7_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "procps: Integer overflows leading to heap overflow in file2strvec"
}
]
}
SUSE-SU-2018:1836-1
Vulnerability from csaf_suse - Published: 2018-06-28 11:44 - Updated: 2018-06-28 11:44Summary
Security update for procps
Severity
Moderate
Notes
Title of the patch: Security update for procps
Description of the patch: This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Patchnames: SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1242,SUSE-SLE-DESKTOP-12-SP3-2018-1242,SUSE-SLE-SDK-12-SP3-2018-1242,SUSE-SLE-SERVER-12-SP3-2018-1242
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1242,SUSE-SLE-DESKTOP-12-SP3-2018-1242,SUSE-SLE-SDK-12-SP3-2018-1242,SUSE-SLE-SERVER-12-SP3-2018-1242",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1836-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1836-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181836-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1836-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-June/004229.html"
},
{
"category": "self",
"summary": "SUSE Bug 1092100",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "Security update for procps",
"tracking": {
"current_release_date": "2018-06-28T11:44:22Z",
"generator": {
"date": "2018-06-28T11:44:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1836-1",
"initial_release_date": "2018-06-28T11:44:22Z",
"revision_history": [
{
"date": "2018-06-28T11:44:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.11.1.aarch64",
"product": {
"name": "procps-devel-3.3.9-11.11.1.aarch64",
"product_id": "procps-devel-3.3.9-11.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.11.1.aarch64",
"product": {
"name": "libprocps3-3.3.9-11.11.1.aarch64",
"product_id": "libprocps3-3.3.9-11.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.11.1.aarch64",
"product": {
"name": "procps-3.3.9-11.11.1.aarch64",
"product_id": "procps-3.3.9-11.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.11.1.ppc64le",
"product": {
"name": "procps-devel-3.3.9-11.11.1.ppc64le",
"product_id": "procps-devel-3.3.9-11.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.11.1.ppc64le",
"product": {
"name": "libprocps3-3.3.9-11.11.1.ppc64le",
"product_id": "libprocps3-3.3.9-11.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.11.1.ppc64le",
"product": {
"name": "procps-3.3.9-11.11.1.ppc64le",
"product_id": "procps-3.3.9-11.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.11.1.s390x",
"product": {
"name": "procps-devel-3.3.9-11.11.1.s390x",
"product_id": "procps-devel-3.3.9-11.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.11.1.s390x",
"product": {
"name": "libprocps3-3.3.9-11.11.1.s390x",
"product_id": "libprocps3-3.3.9-11.11.1.s390x"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.11.1.s390x",
"product": {
"name": "procps-3.3.9-11.11.1.s390x",
"product_id": "procps-3.3.9-11.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.11.1.x86_64",
"product": {
"name": "libprocps3-3.3.9-11.11.1.x86_64",
"product_id": "libprocps3-3.3.9-11.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.11.1.x86_64",
"product": {
"name": "procps-3.3.9-11.11.1.x86_64",
"product_id": "procps-3.3.9-11.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.11.1.x86_64",
"product": {
"name": "procps-devel-3.3.9-11.11.1.x86_64",
"product_id": "procps-devel-3.3.9-11.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64"
},
"product_reference": "procps-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64"
},
"product_reference": "procps-devel-3.3.9-11.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le"
},
"product_reference": "procps-devel-3.3.9-11.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x"
},
"product_reference": "procps-devel-3.3.9-11.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
},
"product_reference": "procps-devel-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64"
},
"product_reference": "libprocps3-3.3.9-11.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le"
},
"product_reference": "libprocps3-3.3.9-11.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x"
},
"product_reference": "libprocps3-3.3.9-11.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64"
},
"product_reference": "procps-3.3.9-11.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le"
},
"product_reference": "procps-3.3.9-11.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x"
},
"product_reference": "procps-3.3.9-11.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64"
},
"product_reference": "procps-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64"
},
"product_reference": "libprocps3-3.3.9-11.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le"
},
"product_reference": "libprocps3-3.3.9-11.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x"
},
"product_reference": "libprocps3-3.3.9-11.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64"
},
"product_reference": "procps-3.3.9-11.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le"
},
"product_reference": "procps-3.3.9-11.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x"
},
"product_reference": "procps-3.3.9-11.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64"
},
"product_reference": "procps-3.3.9-11.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-28T11:44:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-28T11:44:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-28T11:44:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-28T11:44:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.11.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-28T11:44:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-1126"
}
]
}
SUSE-SU-2018:2042-1
Vulnerability from csaf_suse - Published: 2018-07-23 08:58 - Updated: 2018-07-23 08:58Summary
Security update for procps
Severity
Moderate
Notes
Title of the patch: Security update for procps
Description of the patch: This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Patchnames: slessp4-procps-13699
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-procps-13699",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2042-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2042-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182042-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2042-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004299.html"
},
{
"category": "self",
"summary": "SUSE Bug 1092100",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "Security update for procps",
"tracking": {
"current_release_date": "2018-07-23T08:58:30Z",
"generator": {
"date": "2018-07-23T08:58:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2042-1",
"initial_release_date": "2018-07-23T08:58:30Z",
"revision_history": [
{
"date": "2018-07-23T08:58:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "procps-3.2.7-152.31.1.i586",
"product": {
"name": "procps-3.2.7-152.31.1.i586",
"product_id": "procps-3.2.7-152.31.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-3.2.7-152.31.1.ia64",
"product": {
"name": "procps-3.2.7-152.31.1.ia64",
"product_id": "procps-3.2.7-152.31.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-3.2.7-152.31.1.ppc64",
"product": {
"name": "procps-3.2.7-152.31.1.ppc64",
"product_id": "procps-3.2.7-152.31.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-3.2.7-152.31.1.s390x",
"product": {
"name": "procps-3.2.7-152.31.1.s390x",
"product_id": "procps-3.2.7-152.31.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-3.2.7-152.31.1.x86_64",
"product": {
"name": "procps-3.2.7-152.31.1.x86_64",
"product_id": "procps-3.2.7-152.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586"
},
"product_reference": "procps-3.2.7-152.31.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64"
},
"product_reference": "procps-3.2.7-152.31.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64"
},
"product_reference": "procps-3.2.7-152.31.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x"
},
"product_reference": "procps-3.2.7-152.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64"
},
"product_reference": "procps-3.2.7-152.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586"
},
"product_reference": "procps-3.2.7-152.31.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64"
},
"product_reference": "procps-3.2.7-152.31.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64"
},
"product_reference": "procps-3.2.7-152.31.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x"
},
"product_reference": "procps-3.2.7-152.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.2.7-152.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
},
"product_reference": "procps-3.2.7-152.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:58:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:58:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:58:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:58:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:procps-3.2.7-152.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:procps-3.2.7-152.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-07-23T08:58:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-1126"
}
]
}
SUSE-SU-2018:2451-2
Vulnerability from csaf_suse - Published: 2018-11-26 16:46 - Updated: 2018-11-26 16:46Summary
Security update for procps
Severity
Moderate
Notes
Title of the patch: Security update for procps
Description of the patch: This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Patchnames: SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1696,SUSE-SLE-DESKTOP-12-SP3-2018-1696,SUSE-SLE-SDK-12-SP3-2018-1696,SUSE-SLE-SERVER-12-SP3-2018-1696
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procps fixes the following security issues:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1696,SUSE-SLE-DESKTOP-12-SP3-2018-1696,SUSE-SLE-SDK-12-SP3-2018-1696,SUSE-SLE-SERVER-12-SP3-2018-1696",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2451-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2451-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182451-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2451-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004889.html"
},
{
"category": "self",
"summary": "SUSE Bug 1092100",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "Security update for procps",
"tracking": {
"current_release_date": "2018-11-26T16:46:46Z",
"generator": {
"date": "2018-11-26T16:46:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2451-2",
"initial_release_date": "2018-11-26T16:46:46Z",
"revision_history": [
{
"date": "2018-11-26T16:46:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.14.1.aarch64",
"product": {
"name": "procps-devel-3.3.9-11.14.1.aarch64",
"product_id": "procps-devel-3.3.9-11.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.14.1.aarch64",
"product": {
"name": "libprocps3-3.3.9-11.14.1.aarch64",
"product_id": "libprocps3-3.3.9-11.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.14.1.aarch64",
"product": {
"name": "procps-3.3.9-11.14.1.aarch64",
"product_id": "procps-3.3.9-11.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.14.1.ppc64le",
"product": {
"name": "procps-devel-3.3.9-11.14.1.ppc64le",
"product_id": "procps-devel-3.3.9-11.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.14.1.ppc64le",
"product": {
"name": "libprocps3-3.3.9-11.14.1.ppc64le",
"product_id": "libprocps3-3.3.9-11.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.14.1.ppc64le",
"product": {
"name": "procps-3.3.9-11.14.1.ppc64le",
"product_id": "procps-3.3.9-11.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.14.1.s390x",
"product": {
"name": "procps-devel-3.3.9-11.14.1.s390x",
"product_id": "procps-devel-3.3.9-11.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.14.1.s390x",
"product": {
"name": "libprocps3-3.3.9-11.14.1.s390x",
"product_id": "libprocps3-3.3.9-11.14.1.s390x"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.14.1.s390x",
"product": {
"name": "procps-3.3.9-11.14.1.s390x",
"product_id": "procps-3.3.9-11.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps3-3.3.9-11.14.1.x86_64",
"product": {
"name": "libprocps3-3.3.9-11.14.1.x86_64",
"product_id": "libprocps3-3.3.9-11.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-3.3.9-11.14.1.x86_64",
"product": {
"name": "procps-3.3.9-11.14.1.x86_64",
"product_id": "procps-3.3.9-11.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.9-11.14.1.x86_64",
"product": {
"name": "procps-devel-3.3.9-11.14.1.x86_64",
"product_id": "procps-devel-3.3.9-11.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64"
},
"product_reference": "procps-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64"
},
"product_reference": "procps-devel-3.3.9-11.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le"
},
"product_reference": "procps-devel-3.3.9-11.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x"
},
"product_reference": "procps-devel-3.3.9-11.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
},
"product_reference": "procps-devel-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64"
},
"product_reference": "libprocps3-3.3.9-11.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le"
},
"product_reference": "libprocps3-3.3.9-11.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x"
},
"product_reference": "libprocps3-3.3.9-11.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64"
},
"product_reference": "procps-3.3.9-11.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le"
},
"product_reference": "procps-3.3.9-11.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x"
},
"product_reference": "procps-3.3.9-11.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64"
},
"product_reference": "procps-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64"
},
"product_reference": "libprocps3-3.3.9-11.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le"
},
"product_reference": "libprocps3-3.3.9-11.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x"
},
"product_reference": "libprocps3-3.3.9-11.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps3-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64"
},
"product_reference": "libprocps3-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64"
},
"product_reference": "procps-3.3.9-11.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le"
},
"product_reference": "procps-3.3.9-11.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x"
},
"product_reference": "procps-3.3.9-11.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.9-11.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64"
},
"product_reference": "procps-3.3.9-11.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libprocps3-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:procps-3.3.9-11.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:procps-devel-3.3.9-11.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-26T16:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-1126"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…