MGASA-2022-0433

Source
https://advisories.mageia.org/MGASA-2022-0433.html
Import Source
https://advisories.mageia.org/MGASA-2022-0433.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2022-0433
Published
2022-11-18T22:50:51Z
Modified
2022-11-18T21:49:18Z
Summary
Updated sysstat packages fix security vulnerability
Details

On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). (CVE-2022-39377)
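The bug class described above, shown as an added example that is not sysstat's code: a buffer size computed by multiplication wraps at 32 bits unless each step is bounded first. The type `size32_t` (a stand-in for `size_t` on a 32-bit target), the function names and the sample values are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* size32_t models size_t on a 32-bit target so the wrap is reproducible
 * on a 64-bit host. All names here are hypothetical, not from sysstat. */
typedef uint32_t size32_t;

/* Unchecked: the product is reduced modulo 2^32 before it would reach
 * the allocator, so a huge item count can yield a tiny buffer size. */
size32_t buf_size_unchecked(size32_t item_size, size32_t nr_items, size32_t nr_sub)
{
    return item_size * nr_items * nr_sub;
}

/* Checked: bound each multiplication before performing it.
 * Returns 0 and stores the size in *out, or -1 if any operand is zero
 * or the product does not fit in 32 bits. */
int buf_size_checked(size32_t item_size, size32_t nr_items, size32_t nr_sub,
                     size32_t *out)
{
    if (item_size == 0 || nr_items == 0 || nr_sub == 0)
        return -1;
    if (nr_items > UINT32_MAX / item_size)
        return -1;
    size32_t partial = item_size * nr_items;
    if (nr_sub > UINT32_MAX / partial)
        return -1;
    *out = partial * nr_sub;
    return 0;
}

int main(void)
{
    /* Constructed sample values: 64-byte items, 0x04000001 of them. */
    size32_t item_size = 64, nr_items = 0x04000001u, nr_sub = 1, checked = 0;

    printf("unchecked: %u bytes for %u items\n",
           (unsigned)buf_size_unchecked(item_size, nr_items, nr_sub),
           (unsigned)nr_items);
    if (buf_size_checked(item_size, nr_items, nr_sub, &checked) != 0)
        printf("checked: rejected, size does not fit in 32 bits\n");
    return 0;
}
```

With the unchecked form, later writes sized by the item count would run past a buffer that is only 64 bytes long; the checked form refuses the request before any allocation happens.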

Affected packages

Mageia:8 / sysstat

Package

Name
sysstat
Purl
pkg:rpm/mageia/sysstat?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
12.5.2-1.1.mga8

Ecosystem specific

{
    "section": "core"
}