Hello community,

here is the log from the commit of package sysstat for openSUSE:Leap:15.2 checked in at 2020-06-01 12:09:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/sysstat (Old)
 and /work/SRC/openSUSE:Leap:15.2/.sysstat.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sysstat" Mon Jun 1 12:09:41 2020 rev:23 rq:810222 version:12.0.2 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/sysstat/sysstat.changes 2020-01-15 16:04:59.975975679 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.sysstat.new.3606/sysstat.changes 2020-06-01 12:09:46.166426849 +0200 @@ -1,0 +2,7 @@ +Thu Dec 12 15:20:43 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonza...@suse.com> + +- Security fix: [bsc#1159104, CVE-2019-19725] + * Double free in check_file_actlst in sa_common.c +- Add sysstat-CVE-2019-19725.patch + +------------------------------------------------------------------- New: ---- sysstat-CVE-2019-19725.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sysstat.spec ++++++ --- /var/tmp/diff_new_pack.CTMkLz/_old 2020-06-01 12:09:46.522427968 +0200 +++ /var/tmp/diff_new_pack.CTMkLz/_new 2020-06-01 12:09:46.526427980 +0200 @@ -39,6 +39,8 @@ Patch4: sysstat-mtab-symlinks-and-automounter.patch # PATCH-FIX-UPSTREAM bsc#1150114 CVE-2019-16167 sysstat-CVE-2019-16167.patch Patch5: sysstat-CVE-2019-16167.patch +# PATCH-FIX-UPSTREAM CVE-2019-19725 bsc#159104 double free in check_file_actlst +Patch6: sysstat-CVE-2019-19725.patch BuildRequires: findutils BuildRequires: pkgconfig BuildRequires: sed @@ -80,6 +82,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 cp %{SOURCE1} %{SOURCE2} %{SOURCE4} . # remove date and time from objects find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \; ++++++ sysstat-CVE-2019-19725.patch ++++++ >From a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed Mon Sep 17 00:00:00 2001 From: Sebastien GODARD <syss...@users.noreply.github.com> Date: Mon, 9 Dec 2019 17:54:07 +0100 Subject: [PATCH] Fix #242: Double free in check_file_actlst() Avoid freeing buffer() twice. Signed-off-by: Sebastien GODARD <syss...@users.noreply.github.com> --- sa_common.c | 1 + 1 file changed, 1 insertion(+) 
diff --git a/sa_common.c b/sa_common.c index cf52aefe..856a3715 100644 --- a/sa_common.c +++ b/sa_common.c @@ -2153,6 +2153,7 @@ void check_file_actlst(int *ifd, char *dfile, struct activity *act[], uint64_t f } free(buffer); + buffer = NULL; /* Check that at least one activity selected by the user is available in file */ for (i = 0; i < NR_ACT; i++) {
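
Review bot: the bug reference in the comment line added above Patch6 in the first sysstat.spec hunk reads bsc#159104, while the sysstat.changes entry in this same submission gives bsc#1159104, so the spec comment is missing a digit. It should read "# PATCH-FIX-UPSTREAM CVE-2019-19725 bsc#1159104 double free in check_file_actlst". The Patch5 comment just above it puts the bsc number before the CVE and then names the patch file; following the same order here would keep the tags consistent for anyone searching the spec by bug id.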
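
Review bot: in the sa_common.c hunk, the added "buffer = NULL;" directly after "free(buffer);" in check_file_actlst() has no comment, and the hunk does not show the second free it is meant to neutralise. The change relies on free(NULL) being a no-op, which makes a later free of the same pointer harmless, but someone reading this function alone cannot tell why the assignment is there or which path it protects. A one-line comment on the new line naming the later free would help, and it is worth confirming that nothing after this point dereferences buffer on the assumption that it is still allocated.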