Fedora 37: FEDORA-2023-4706cef256 Critical: Sysstat Arithmetic Overflow

July 20, 2023
The recent update to the Fedora sysstat package addresses CVE-2023-33204, providing essential security enhancements for tools used in system performance monitoring.
Security fix for CVE-2023-33204

Summary

The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, pidstat, cifsiostat and sa tools for Linux.

The sar command collects and reports system activity information. The information collected by sar can be saved in a file in a binary format for future inspection. The statistics reported by sar concern I/O transfer rates, paging activity, process-related activities, interrupts, network activity, memory and swap space utilization, CPU utilization, kernel activities and TTY statistics, among others. Both UP and SMP machines are fully supported.

The sadf command may be used to display data collected by sar in various formats (CSV, PCP, XML, etc.).

The iostat command reports CPU utilization and I/O statistics for disks.

The tapestat command reports statistics for tapes connected to the system.

The mpstat command reports global and per-processor statistics.

The pidstat command reports statistics for Linux tasks (processes).

The cifsiostat command reports I/O statistics for CIFS file systems.

Security fix for CVE-2023-33204

* Fri Jul 7 2023 psimovec - 12.6.2-2

- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)

[ 1 ] Bug #2208270 - CVE-2023-33204 sysstat: check_overflow() function can work incorrectly that lead to an overflow

https://bugzilla.redhat.com/show_bug.cgi?id=2208270
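
The bug class named in the changelog entry and bug title above, an overflow check that itself gives the wrong answer, shown as an added example. This is not sysstat's code: `naive_fits`, `checked_mul3`, `alloc_records` and the fixed 32-bit width are assumptions chosen for illustration, and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; not sysstat's check_overflow()
 * or allocate_structures(). Sizes are modelled as 32-bit on purpose. */

/* Flawed check: the product is formed in 32 bits, so it has already
 * wrapped modulo 2^32 before it is compared with the limit. */
bool naive_fits(uint32_t a, uint32_t b, uint32_t c, uint32_t limit)
{
    uint32_t total = a * b * c;
    return total <= limit;
}

/* Sound check: test each factor by division before multiplying, so no
 * intermediate product can wrap. Returns false if a*b*c > UINT32_MAX. */
bool checked_mul3(uint32_t a, uint32_t b, uint32_t c, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    uint32_t ab = a * b;
    if (ab != 0 && c > UINT32_MAX / ab)
        return false;
    *out = ab * c;
    return true;
}

/* Allocate n1 * n2 records of rec_size bytes, or return NULL if the
 * byte count cannot be represented in 32 bits. */
void *alloc_records(uint32_t n1, uint32_t n2, uint32_t rec_size)
{
    uint32_t bytes;
    if (!checked_mul3(n1, n2, rec_size, &bytes))
        return NULL;
    return calloc(1, bytes ? bytes : 1);
}

int main(void)
{
    /* Constructed input: 65536 * 65536 * 16 = 2^36, which wraps to 0. */
    uint32_t out = 0;
    printf("naive accepts: %d\n", naive_fits(65536, 65536, 16, 1u << 20));
    printf("checked accepts: %d\n", checked_mul3(65536, 65536, 16, &out));
    return 0;
}
```

The naive check rejects a moderately oversized request but accepts the much larger one, because the wrapped product is small; the division-based check rejects both.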

Use su -c 'dnf upgrade --advisory FEDORA-2023-4706cef256' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at


Severity: critical

Product: Fedora 37
Version: 12.6.2
Release: 2.fc37
URL:
Summary: Collection of performance monitoring tools for Linux
