CLD-407 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
procps-ng |
| Deficiency Type |
SECURITY |
| Date Created |
2018-05-17 13:24:42 |
| Date Last Modified |
2018-05-17 17:44:46 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in procps-ng-3.3.11-i686-2 |
| Cucumber 1.0 x86_64 | fixed in procps-ng-3.3.11-x86_64-2 and procps-ng-lib_i686-3.3.11-lib_i686-2 |
| Cucumber 1.1 i686 |
fixed in procps-ng-3.3.11-i686-2 |
| Cucumber 1.1 x86_64 |
fixed in procps-ng-3.3.11-x86_64-2 and procps-ng-lib_i686-3.3.11-lib_i686-2 |
Details:
================================ Initial Report ================================
Referenced briefly in http://www.openwall.com/lists/oss-security/2018/05/17/1:
CVE-2018-1126 to 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch.
================================= Our Analysis =================================
Fixed in 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
https://www.qualys.com/2018/05/17/procps-ng-audit-report-patches.tar.gz
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt