For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The procps-ng packages contain a set of system utilities that provide
system information, including ps, free, skill, pkill, pgrep, snice, tload,
top, uptime, vmstat, w, watch, and pwdx.
Security Fix(es):
* procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2018-1122 https://access.redhat.com/security/updates/classification#moderate
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source:
procps-ng-3.3.10-16.el7_4.2.src.rpm
x86_64:
procps-ng-3.3.10-16.el7_4.2.i686.rpm
procps-ng-3.3.10-16.el7_4.2.x86_64.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source:
procps-ng-3.3.10-16.el7_4.2.src.rpm
ppc64le:
procps-ng-3.3.10-16.el7_4.2.ppc64le.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.ppc64le.rpm
x86_64:
procps-ng-3.3.10-16.el7_4.2.i686.rpm
procps-ng-3.3.10-16.el7_4.2.x86_64.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source:
procps-ng-3.3.10-16.el7_4.2.src.rpm
x86_64:
procps-ng-3.3.10-16.el7_4.2.i686.rpm
procps-ng-3.3.10-16.el7_4.2.x86_64.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64:
procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm
procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm
procps-ng-devel-3.3.10-16.el7_4.2.i686.rpm
procps-ng-devel-3.3.10-16.el7_4.2.x86_64.rpm
procps-ng-i18n-3.3.10-16.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le:
Read the Full Advisory
An update for procps-ng is now available for Red Hat Enterprise Linux 7.4Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended UpdateSupport, and Red Hat Enterprise Linux 7.4 Update Services for SAPSolutions.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
1575466 - CVE-2018-1122 procps-ng, procps: Local privilege escalation in top
Get the latest Linux and open source security news straight to your inbox.