[Bugs] [Bug 13325] New: [CVE 21] sysstat 12.5.3 CVEs found
bugzilla
bugzilla at rosalinux.ru
Wed May 3 17:03:20 MSK 2023
https://bugzilla.rosalinux.ru/show_bug.cgi?id=13325
Platform: 2021.1
Bug ID: 13325
Summary: [CVE 21] sysstat 12.5.3 CVEs found
Classification: ROSA-based products
Product: ROSA Fresh
Version: All
Hardware: All
URL: CVE-2022-39377,
OS: Linux
Status: CONFIRMED
Severity: normal
Priority: Normal
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: bugs at lists.rosalinux.ru
Reporter: y.tumanov at rosalinux.ru
QA Contact: bugs at lists.rosalinux.ru
CC: s.matveev at rosalinux.ru, y.tumanov at rosalinux.ru
Target Milestone: ---
Flags: secteam_verified?
Please patch CVEs for package sysstat version 12.5.3
INFO (CVEs are): sysstat 12.5.3
cves found
CVE-2022-39377
Desc: sysstat is a set of system performance tools for the Linux operating
system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1,
allocate_structures contains a size_t overflow in sa_common.c. The
allocate_structures function insufficiently checks bounds before arithmetic
multiplication, allowing for an overflow in the size allocated for the buffer
representing system activities. This issue may lead to Remote Code Execution
(RCE). This issue has been patched in version 12.7.1.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-39377
Severity: HIGH