SB2019040814 - OpenSUSE Linux update for sysstat
Published: April 8, 2019 Updated: April 26, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2018-19416)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to out-of-bounds read in the remap_struct function in sa_common.c during a memmove call. A local attacker can control src and n of memmove, trigger stack-based buffer overflow and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Out-of-bounds read (CVE-ID: CVE-2018-19517)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to out-of-bounds read in the remap_struct function in sa_common.c during a memmove call. A local attacker can make a memset call that submits malicious input, trigger memory corruption and cause the sadfcommand to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.