安全公告详情

NS-SA-2019-0155

2019-07-17 15:04:30

简介

important: openssh/procps security update

严重级别

important

主题

An update for openssh/procps is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

openssh: This package contains a PAM module which can be used to authenticate users using ssh keys stored in a ssh-agent. Through the use of the forwarding of ssh-agent connection it also allows to authenticate with remote ssh-agent instance. The module is most useful for su and sudo service stacks.
procps: The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pdwx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the statuses of running processes. The free command displays the amounts of free and used memory on your system. The skill command sends a terminate command (or another specified signal) to a specified set of processes. The snice command is used to change the scheduling priority of specified processes. The tload command prints a graph of the current system load average to a specified tty. The uptime command displays the current time, how long the system has been running, how many users are logged on, and system load averages for the past one, five, and fifteen minutes. The w command displays a list of the users who are currently logged on and what they are running. The watch program watches a running program. The vmstat command displays virtual memory statistics about processes, memory, paging, block I/O, traps, and CPU activity. The pwdx command reports the current working directory of a process or processes.


Security Fix(es):
openssh: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473)
openssh: bugfix
procps: Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w).(CVE-2018-1124)
procps: A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.(CVE-2018-1126)
procps: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F15.

影响组件

  • openssh
  • procps

影响产品

  • CGSL MAIN 4.05

更新包

{"fix":[{"product":"CGSL MAIN 4.05","pkgs":[{"binary":["pam_ssh_agent_auth-0.9.3-124.el6_10.x86_64.rpm","openssh-5.3p1-124.el6_10.x86_64.rpm","openssh-askpass-5.3p1-124.el6_10.x86_64.rpm","openssh-clients-5.3p1-124.el6_10.x86_64.rpm","openssh-debuginfo-5.3p1-124.el6_10.x86_64.rpm","openssh-ldap-5.3p1-124.el6_10.x86_64.rpm","openssh-server-5.3p1-124.el6_10.x86_64.rpm"],"source":"openssh-5.3p1-124.el6_10.src.rpm"},{"binary":["procps-3.2.8-45.el6_9.3.cgslv4u6.0.1.ga60f19f.x86_64.rpm","procps-debuginfo-3.2.8-45.el6_9.3.cgslv4u6.0.1.ga60f19f.x86_64.rpm","procps-devel-3.2.8-45.el6_9.3.cgslv4u6.0.1.ga60f19f.x86_64.rpm"],"source":"procps-3.2.8-45.el6_9.3.cgslv4u6.0.1.ga60f19f.src.rpm"}]}]}

CVE

参考