Your message dated Sun, 04 Dec 2022 21:53:20 +0000
with message-id <[email protected]>
and subject line Bug#1023832: fixed in sysstat 12.6.1-1
has caused the Debian Bug report #1023832,
regarding sysstat: CVE-2022-39377: sysstat overflow on 32-bit systems
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1023832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023832
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sysstat
Version: 12.5.6-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 12.5.2-2

Hi,

The following vulnerability was published for sysstat.

CVE-2022-39377[0]:
| sysstat is a set of system performance tools for the Linux operating
| system. On 32 bit systems, in versions 9.1.16 and newer but prior to
| 12.7.1, allocate_structures contains a size_t overflow in sa_common.c.
| The allocate_structures function insufficiently checks bounds before
| arithmetic multiplication, allowing for an overflow in the size
| allocated for the buffer representing system activities. This issue
| may lead to Remote Code Execution (RCE). This issue has been patched
| in version 12.7.1.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-39377
    https://www.cve.org/CVERecord?id=CVE-2022-39377
[1] https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x

Regards,
Salvatore

--- End Message ---
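The bug class named in the CVE text above (a size computed by multiplication that wraps on a 32-bit `size_t` before it reaches the allocator), as an added example that is not sysstat's code and not the upstream patch. All function names are hypothetical, `uint32_t` stands in for a 32-bit `size_t` so the wrap reproduces on a 64-bit host, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: models size_t on a 32-bit system. */
typedef uint32_t size32_t;

/* Unchecked form: the product is reduced modulo 2^32, so the returned
 * size can be far smaller than what the caller goes on to write. */
size32_t alloc_size_unchecked(size32_t item_size, size32_t item_count)
{
    return (size32_t)((uint64_t)item_size * item_count);
}

/* Checked form: reject the request before multiplying if the product
 * cannot be represented. Returns 0 on success, -1 on overflow. */
int alloc_size_checked(size32_t item_size, size32_t item_count, size32_t *out)
{
    if (item_size != 0 && item_count > UINT32_MAX / item_size)
        return -1;
    *out = item_size * item_count;
    return 0;
}

/* Hypothetical allocation wrapper that only ever sees a validated size. */
void *alloc_records(size32_t item_size, size32_t item_count)
{
    size32_t bytes;

    if (alloc_size_checked(item_size, item_count, &bytes) != 0 || bytes == 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed input: 65536 * 65537 = 2^32 + 65536. */
    size32_t size = 65536u, count = 65537u, bytes = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)alloc_size_unchecked(size, count));
    printf("checked result: %d\n", alloc_size_checked(size, count, &bytes));
    return 0;
}
```

With the constructed input the unchecked size is enough for one record while the caller believes it holds 65537, which is the mismatch a bounds check before the multiplication removes.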
--- Begin Message ---
Source: sysstat
Source-Version: 12.6.1-1
Done: Robert Luberda <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sysstat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robert Luberda <[email protected]> (supplier of updated sysstat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 04 Dec 2022 22:23:25 +0100
Source: sysstat
Architecture: source
Version: 12.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Robert Luberda <[email protected]>
Changed-By: Robert Luberda <[email protected]>
Closes: 1023832
Changes:
 sysstat (12.6.1-1) unstable; urgency=medium
 .
   * New upstream stable version: fixes size_t overflow in sa_common.c
     on 32-bit systems (CVE-2022-39377, closes: #1023832).
   * Update lintian-overrides to fix mismatched overrides reported by
     latest version of lintian.
   * Update URL to upstream homepage.
   * Standards-Version: 4.6.1 (no changes).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
