CLD-406 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | procps-ng |
Deficiency Type | SECURITY |
Date Created | 2018-05-17 13:24:32 |
Date Last Modified | 2018-05-17 17:44:46 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in procps-ng-3.3.11-i686-2 |
Cucumber 1.0 x86_64 | fixed in procps-ng-3.3.11-x86_64-2 and procps-ng-lib_i686-3.3.11-lib_i686-2 |
Cucumber 1.1 i686 | fixed in procps-ng-3.3.11-i686-2 |
Cucumber 1.1 x86_64 | fixed in procps-ng-3.3.11-x86_64-2 and procps-ng-lib_i686-3.3.11-lib_i686-2 |
Details:
================================ Initial Report ================================
Referenced briefly in http://www.openwall.com/lists/oss-security/2018/05/17/1:
Additionally, CVE-2018-1125 has been assigned to
0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch,
================================= Our Analysis =================================
Fixed in patch 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
https://www.qualys.com/2018/05/17/procps-ng-audit-report-patches.tar.gz
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt