UbuntuUpdates.org

Package "libprocps4"

Name: libprocps4

Description:

library for accessing process information from /proc

Latest version: 2:3.3.10-4ubuntu2.4
Release: xenial (16.04)
Level: security
Repository: main
Head package: procps
Homepage: http://gitorious.org/procps

Links


Download "libprocps4"


Other versions of "libprocps4" in Xenial

Repository Area Version
base main 2:3.3.10-4ubuntu2
updates main 2:3.3.10-4ubuntu2.5

Changelog

Version: 2:3.3.10-4ubuntu2.4 2018-05-23 18:06:50 UTC

  procps (2:3.3.10-4ubuntu2.4) xenial-security; urgency=medium

  * SECURITY UPDATE: top configuration file read from current directory
    - debian/patches/CVE-2018-1122.patch: do not default to the cwd in
      top/top.c.
    - CVE-2018-1122
  * SECURITY UPDATE: ps output buffer overflow
    - debian/patches/CVE-2018-1123.patch: check sizes in ps/output.c.
    - CVE-2018-1123
  * SECURITY UPDATE: integer overflow in file2strvec()
    - debian/patches/CVE-2018-1124.patch: prevent overflow in
      proc/readproc.c.
    - CVE-2018-1124
  * SECURITY UPDATE: stack overflow in pgrep
    - debian/patches/CVE-2018-1125.patch: check length in pgrep.c.
    - CVE-2018-1125
  * SECURITY UPDATE: truncated sizes and possible integer overflow
    - debian/patches/CVE-2018-1126.patch: use size_t, not unsigned int in
      proc/alloc.*.
    - CVE-2018-1126

 -- Marc Deslauriers <email address hidden> Mon, 14 May 2018 08:05:23 -0400

CVE-2018-1122 Local Privilege Escalation in top
CVE-2018-1123 Denial of Service in ps
CVE-2018-1124 Local Privilege Escalation in libprocps
CVE-2018-1125 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
CVE-2018-1126 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch



About   -   Send Feedback to @ubuntu_updates