Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora: 2021-b8f1e6c456 Urgent: libxml2 Buffer Overflow

fedora
Calendar Grey May 24, 2018
Dist Fedora Esm H88
Vital improvements for procps-ng in Fedora 27 targeting integer overflow vulnerabilities and bolstering system tool security.
Fixes for: * CVE-2018-1124 * CVE-2018-1126

Summary

The procps package contains a set of system utilities that provide

system information. Procps includes ps, free, skill, pkill, pgrep,

snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command

displays a snapshot of running processes. The top command provides

a repetitive update of the statuses of running processes. The free

command displays the amounts of free and used memory on your

system. The skill command sends a terminate command (or another

specified signal) to a specified set of processes. The snice

command is used to change the scheduling priority of specified

processes. The tload command prints a graph of the current system

load average to a specified tty. The uptime command displays the

current time, how long the system has been running, how many users

are logged on, and system load averages for the past one, five,

and fifteen minutes. The w command displays a list of the users

who are currently logged on and what they are running. The watch

program watches a running program. The vmstat command displays

virtual memory statistics about processes, memory, paging, block

I/O, traps, and CPU activity. The pwdx command reports the current

working directory of a process or processes.

Fixes for: * CVE-2018-1124 * CVE-2018-1126

* Fri May 18 2018 Kamil Dudka - 3.3.10-16

- fix integer overflows leading to heap overflow (CVE-2018-1124 CVE-2018-1126)

su -c 'dnf upgrade --advisory FEDORA-2018-de5de06754' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOSXM6XK4Q5ZVHOEKCXBSWFMCCYLPD2E/

Topics%20covered

Topics Covered

security advisory Fedora critical update heap overflow system utilities procps-ng

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 3.3.10
Release: 16.fc27
URL: /
Summary: System and process monitoring utilities

Topics%20covered

Topics Covered

security advisory Fedora critical update heap overflow system utilities procps-ng

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here