SUSE-SU-2025:0019-1

Опубликовано: 06 янв. 2025

Источник: suse-cvrf

Описание

Security update for sysstat

This update for sysstat fixes the following issues:

CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)

Список пакетов

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.2:latest

sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.3:latest

sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.4:latest

sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro/5.5:latest

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAP-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAP-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAPCAL-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAPCAL-EC2-HVM

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP3-SAPCAL-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-BYOS

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-BYOS-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened-BYOS

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAP-Hardened-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAPCAL

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAPCAL-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAPCAL-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP4-SAPCAL-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-Azure-3P

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-BYOS-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-Hardened-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAP-Hardened-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAPCAL-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAPCAL-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP5-SAPCAL-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-BYOS

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-BYOS-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-BYOS

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAP-Hardened-GCE

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAPCAL

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAPCAL-Azure

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAPCAL-EC2

sysstat-12.0.2-150000.3.37.1

Image SLES15-SP6-SAPCAL-GCE

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Micro 5.1

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Micro 5.2

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Micro 5.3

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Micro 5.4

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Micro 5.5

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

sysstat-12.0.2-150000.3.37.1

SUSE Linux Enterprise Module for Server Applications 15 SP6

sysstat-isag-12.0.2-150000.3.37.1

openSUSE Leap 15.6

sysstat-12.0.2-150000.3.37.1

sysstat-isag-12.0.2-150000.3.37.1

openSUSE Leap Micro 5.5

sysstat-12.0.2-150000.3.37.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250019-1/
Link for SUSE-SU-2025:0019-1
https://lists.suse.com/pipermail/sle-security-updates/2025-January/020063.html
E-Mail link for SUSE-SU-2025:0019-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202473
SUSE Bug 1202473
https://bugzilla.suse.com/1205224
SUSE Bug 1205224
https://bugzilla.suse.com/1211507
SUSE Bug 1211507
https://www.suse.com/security/cve/CVE-2022-39377/
SUSE CVE CVE-2022-39377 page
https://www.suse.com/security/cve/CVE-2023-33204/
SUSE CVE CVE-2023-33204 page

Описание

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Затронутые продукты

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.2:latest:sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.3:latest:sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.4:latest:sysstat-12.0.2-150000.3.37.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-39377.html
CVE-2022-39377
https://bugzilla.suse.com/1205224
SUSE Bug 1205224
https://bugzilla.suse.com/1211507
SUSE Bug 1211507

Описание

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

Затронутые продукты

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.2:latest:sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.3:latest:sysstat-12.0.2-150000.3.37.1

Container suse/sle-micro-rancher/5.4:latest:sysstat-12.0.2-150000.3.37.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-33204.html
CVE-2023-33204
https://bugzilla.suse.com/1211507
SUSE Bug 1211507
https://bugzilla.suse.com/1217270
SUSE Bug 1217270