安全公告详情

NS-SA-2019-0019

2019-07-17 14:55:17

简介

important: procps-ng/php security update

严重级别

important

主题

An update for procps-ng/php is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

procps-ng: The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the statuses of running processes. The free command displays the amounts of free and used memory on your system. The skill command sends a terminate command (or another specified signal) to a specified set of processes. The snice command is used to change the scheduling priority of specified processes. The tload command prints a graph of the current system load average to a specified tty. The uptime command displays the current time, how long the system has been running, how many users are logged on, and system load averages for the past one, five, and fifteen minutes. The w command displays a list of the users who are currently logged on and what they are running. The watch program watches a running program. The vmstat command displays virtual memory statistics about processes, memory, paging, block I/O, traps, and CPU activity. The pwdx command reports the current working directory of a process or processes.
php: PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.


Security Fix(es):
procps-ng: Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).(CVE-2018-1124)
procps-ng: A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.(CVE-2018-1126)
procps-ng: bugfix
php: An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.(CVE-2016-10168)
php: A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service.(CVE-2016-10167)
php: A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack.(CVE-2017-7890)
php: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F5.

影响组件

  • procps-ng
  • php

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["procps-ng-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm","procps-ng-debuginfo-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm","procps-ng-devel-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm","procps-ng-i18n-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm"],"source":"procps-ng-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.src.rpm"},{"binary":["php-debuginfo-5.4.16-43.el7_4.1.x86_64.rpm","php-devel-5.4.16-43.el7_4.1.x86_64.rpm","php-embedded-5.4.16-43.el7_4.1.x86_64.rpm","php-enchant-5.4.16-43.el7_4.1.x86_64.rpm","php-fpm-5.4.16-43.el7_4.1.x86_64.rpm","php-gd-5.4.16-43.el7_4.1.x86_64.rpm","php-intl-5.4.16-43.el7_4.1.x86_64.rpm","php-ldap-5.4.16-43.el7_4.1.x86_64.rpm","php-mbstring-5.4.16-43.el7_4.1.x86_64.rpm","php-mysql-5.4.16-43.el7_4.1.x86_64.rpm","php-mysqlnd-5.4.16-43.el7_4.1.x86_64.rpm","php-odbc-5.4.16-43.el7_4.1.x86_64.rpm","php-pdo-5.4.16-43.el7_4.1.x86_64.rpm","php-pgsql-5.4.16-43.el7_4.1.x86_64.rpm","php-process-5.4.16-43.el7_4.1.x86_64.rpm","php-pspell-5.4.16-43.el7_4.1.x86_64.rpm","php-recode-5.4.16-43.el7_4.1.x86_64.rpm","php-snmp-5.4.16-43.el7_4.1.x86_64.rpm","php-soap-5.4.16-43.el7_4.1.x86_64.rpm","php-xml-5.4.16-43.el7_4.1.x86_64.rpm","php-xmlrpc-5.4.16-43.el7_4.1.x86_64.rpm","php-5.4.16-43.el7_4.1.x86_64.rpm","php-bcmath-5.4.16-43.el7_4.1.x86_64.rpm","php-cli-5.4.16-43.el7_4.1.x86_64.rpm","php-common-5.4.16-43.el7_4.1.x86_64.rpm","php-dba-5.4.16-43.el7_4.1.x86_64.rpm"],"source":"php-5.4.16-43.el7_4.1.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["procps-ng-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm","procps-ng-debuginfo-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm","procps-ng-devel-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm","procps-ng-i18n-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.x86_64.rpm"],"source":"procps-ng-3.3.10-17.el7_5.2.cgslv5.0.3.gada764e.src.rpm"},{"binary":["php-snmp-5.4.16-43.el7_4.1.x86_64.rpm","php-soap-5.4.16-43.el7_4.1.x86_64.rpm","php-xml-5.4.16-43.el7_4.1.x86_64.rpm","php-xmlrpc-5.4.16-43.el7_4.1.x86_64.rpm","php-5.4.16-43.el7_4.1.x86_64.rpm","php-bcmath-5.4.16-43.el7_4.1.x86_64.rpm","php-cli-5.4.16-43.el7_4.1.x86_64.rpm","php-common-5.4.16-43.el7_4.1.x86_64.rpm","php-dba-5.4.16-43.el7_4.1.x86_64.rpm","php-debuginfo-5.4.16-43.el7_4.1.x86_64.rpm","php-devel-5.4.16-43.el7_4.1.x86_64.rpm","php-embedded-5.4.16-43.el7_4.1.x86_64.rpm","php-enchant-5.4.16-43.el7_4.1.x86_64.rpm","php-fpm-5.4.16-43.el7_4.1.x86_64.rpm","php-gd-5.4.16-43.el7_4.1.x86_64.rpm","php-intl-5.4.16-43.el7_4.1.x86_64.rpm","php-ldap-5.4.16-43.el7_4.1.x86_64.rpm","php-mbstring-5.4.16-43.el7_4.1.x86_64.rpm","php-mysql-5.4.16-43.el7_4.1.x86_64.rpm","php-mysqlnd-5.4.16-43.el7_4.1.x86_64.rpm","php-odbc-5.4.16-43.el7_4.1.x86_64.rpm","php-pdo-5.4.16-43.el7_4.1.x86_64.rpm","php-pgsql-5.4.16-43.el7_4.1.x86_64.rpm","php-process-5.4.16-43.el7_4.1.x86_64.rpm","php-pspell-5.4.16-43.el7_4.1.x86_64.rpm","php-recode-5.4.16-43.el7_4.1.x86_64.rpm"],"source":"php-5.4.16-43.el7_4.1.src.rpm"}]}]}

CVE

参考