update: procps #1160

dongsupark · 2023-08-11T12:30:32Z

Name: procps
CVEs: CVE-2023-4016
CVSSs: 5.5
Action Needed: update to >= 4.0.4

Summary: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

See also https://gitlab.com/procps-ng/procps/-/issues/297#note_1507613004.
Fix: https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413

refmap.gentoo: https://bugs.gentoo.org/913408

dongsupark added security security concerns advisory security advisory cvss/MEDIUM >= 4 && < 7 assessed CVSS labels Aug 11, 2023

dongsupark added this to Flatcar tactical, release planning, and roadmap Aug 11, 2023

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Aug 11, 2023

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Aug 11, 2023

krnowak mentioned this issue Sep 28, 2023

Weekly portage-stable package updates 2023-09-25 flatcar/scripts#1177

Merged

2 tasks

krnowak closed this as completed in flatcar/scripts#1177 Sep 28, 2023

github-project-automation bot moved this from 🪵Backlog to Implemented in Flatcar tactical, release planning, and roadmap Sep 28, 2023

github-actions bot mentioned this issue Nov 9, 2023

Monthly contributions report 2023-09-22 - 2023-10-21 #1244

Closed

dongsupark removed this from Flatcar tactical, release planning, and roadmap Feb 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: procps #1160

update: procps #1160

dongsupark commented Aug 11, 2023 •

edited

Loading

update: procps #1160

update: procps #1160

Comments

dongsupark commented Aug 11, 2023 • edited Loading

dongsupark commented Aug 11, 2023 •

edited

Loading