Source: sysstat
Version: 12.5.6-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 12.5.2-2

Hi,

The following vulnerability was published for sysstat.

CVE-2022-39377[0]:
| sysstat is a set of system performance tools for the Linux operating
| system. On 32 bit systems, in versions 9.1.16 and newer but prior to
| 12.7.1, allocate_structures contains a size_t overflow in sa_common.c.
| The allocate_structures function insufficiently checks bounds before
| arithmetic multiplication, allowing for an overflow in the size
| allocated for the buffer representing system activities. This issue
| may lead to Remote Code Execution (RCE). This issue has been patched
| in version 12.7.1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-39377
    https://www.cve.org/CVERecord?id=CVE-2022-39377
[1] https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x

Regards,
Salvatore
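The bug class named in the advisory is a size computation (item count times item size) that wraps around on a 32-bit size_t before the result reaches the allocator, so the buffer ends up far smaller than the data later written into it. The following C snippet is an added illustration of that class and of the bounds check that prevents it; it is not sysstat's code, and the function names, the item counts and the 32-bit size type used to model the overflow are all constructed for this example. The checked variant refuses the allocation when the product cannot be represented, which is the defensive pattern the upstream fix in 12.7.1 is described as adding.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical 32-bit size type so the wraparound reproduces even when this
 * file is built on a 64-bit host (constructed for the example; on a real
 * 32-bit build size_t itself is 32 bits wide).
 */
typedef uint32_t size32_t;

/*
 * Vulnerable pattern: the product is computed in 32 bits with no bounds
 * check, so a large count silently wraps to a small (even zero) size.
 */
static size32_t unchecked_alloc_size(size32_t nr_items, size32_t item_size)
{
    return nr_items * item_size;
}

/*
 * Hardened pattern: test for overflow before multiplying. Returns 1 and
 * stores the product in *out on success; returns 0 and stores 0 on overflow.
 * The division-based test is portable; __builtin_mul_overflow() does the same
 * on GCC/Clang.
 */
static int checked_alloc_size(size32_t nr_items, size32_t item_size, size32_t *out)
{
    if (item_size != 0 && nr_items > UINT32_MAX / item_size) {
        *out = 0;
        return 0;
    }
    *out = nr_items * item_size;
    return 1;
}

/*
 * Allocate a buffer for nr_items records of item_size bytes, refusing the
 * request when the size overflows. Returns NULL on overflow or allocation
 * failure; the caller owns the returned memory. (Hypothetical helper.)
 */
static void *allocate_records_checked(size32_t nr_items, size32_t item_size)
{
    size32_t bytes;

    if (!checked_alloc_size(nr_items, item_size, &bytes) || bytes == 0)
        return NULL;

    void *buf = malloc(bytes);
    if (buf != NULL)
        memset(buf, 0, bytes);
    return buf;
}

/* Demonstration values (constructed): 0x10000 items of 0x10000 bytes. */
int main(void)
{
    size32_t wrapped = unchecked_alloc_size(0x10000, 0x10000); /* wraps to 0 */
    size32_t safe;
    int ok = checked_alloc_size(0x10000, 0x10000, &safe);       /* ok == 0 */
    void *p = allocate_records_checked(0x10000, 0x10000);        /* NULL */
    free(p);
    return (wrapped == 0 && ok == 0) ? 0 : 1;
}
```

On a 32-bit build the unchecked product for these inputs is 0, so a subsequent loop that writes 0x10000 records would run off the end of a zero-length (or tiny) heap allocation; the checked version turns the same input into an allocation failure that the caller can report and abort on.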