Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 23.04: USN-6145-1 Critical Security Advisory on Sysstat DoS Issue

ubuntu
Calendar Grey June 7, 2023
Dist Ubuntu Esm H88
Explore the security notification USN-6145-1, which details vulnerabilities found in sysstat that may result in system crashes or unauthorized code execution.
Sysstat could be made to crash or run programs if it processed specially crafted data.

Summary

Sysstat could be made to crash or run programs if it processed specially

crafted data.

Software Description:

- sysstat: system performance tools for Linux

Details:

It was discovered that Sysstat incorrectly handled certain arithmetic

multiplications. An attacker could use this issue to cause Sysstat to

crash, resulting in a denial of service, or possibly execute arbitrary

code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)

It was discovered that Sysstat incorrectly handled certain arithmetic

multiplications in 64-bit systems, as a result of an incomplete fix for

CVE-2022-39377. An attacker could use this issue to cause Sysstat to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2023-33204)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   sysstat                         12.6.1-1ubuntu0.1

Ubuntu 22.10:
   sysstat                         12.5.6-1ubuntu0.2

Ubuntu 22.04 LTS:
   sysstat                         12.5.2-2ubuntu0.2

Ubuntu 20.04 LTS:
   sysstat                         12.2.0-2ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   sysstat                         11.6.1-1ubuntu0.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   sysstat                         11.2.0-1ubuntu0.3+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   sysstat                         10.2.0-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6145-1

CVE-2022-39377, CVE-2023-33204

Severity
critical
Lowest
Low
Medium
High
Critical

June 07, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.