| Summary: | sysstat new security issue CVE-2023-33204 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | sysstat-12.5.2-1.2.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2023-06-15 23:53:36 CEST
David Walser
2023-06-15 23:53:46 CEST
Status comment:
(none) =>
Patches available from upstream and Debian

Suggested advisory:
========================

The updated package fixes a security vulnerability:

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. (CVE-2023-33204)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33204
https://www.debian.org/lts/security/2023/dla-3434
========================

Updated package in core/updates_testing:
========================
sysstat-12.5.2-1.2.mga8

from SRPM:
sysstat-12.5.2-1.2.mga8.src.rpm

Source RPM:
sysstat-12.7.2-1.mga9.src.rpm =>
sysstat-12.5.2-1.2.mga8.src.rpm

Testing this for mga8, x64.
Groundwork in bug 26067.

It appears that munin-node uses sysstat so I installed munin and munin-node. Documentation is mainly online. No handholding for a noddy so after a couple of hours fiddling about with configuration files gave up on that.

```
$ sar
Linux 5.15.117-1.mga8 (canopus)   17/06/23   _x86_64_   (20 CPU)

16:01:01   CPU   %user   %nice   %system   %iowait   %steal   %idle
16:11:01   all    0.12    0.01      0.24      0.01     0.00   99.61
16:21:01   all    0.40    0.01      0.35      0.01     0.00   99.22
[...]
Average:   all    0.19    0.01      0.24      0.01     0.00   99.55
```

```
$ sadf
canopus 600 2023-06-17 15:11:01 UTC all %user 0.12
canopus 600 2023-06-17 15:11:01 UTC all %nice 0.01
[...]
canopus 600 2023-06-17 16:21:01 UTC all %system 0.26
canopus 600 2023-06-17 16:21:01 UTC all %iowait 0.01
canopus 600 2023-06-17 16:21:01 UTC all %steal 0.00
canopus 600 2023-06-17 16:21:01 UTC all %idle 99.38
```

```
$ iostat
Linux 5.15.117-1.mga8 (canopus)   17/06/23   _x86_64_   (20 CPU)

avg-cpu:  %user   %nice   %system   %iowait   %steal   %idle
           0.26    0.01      0.25      0.02     0.00   99.47

Device     tps   kB_read/s   kB_wrtn/s   kB_dscd/s   kB_read   kB_wrtn   kB_dscd
nvme0n1   2.50       85.06       11.33        0.00   1662253    221383         0
sda       3.10       81.59       17.89        0.00   1594493    349717         0
...
```

```
$ mpstat
Linux 5.15.117-1.mga8 (canopus)   17/06/23   _x86_64_   (20 CPU)

17:33:27   CPU   %usr   %nice   %sys   %iowait   %irq   %soft   %steal   %guest   %gnice   %idle
17:33:27   all   0.26    0.01   0.25      0.02   0.00    0.00     0.00     0.00     0.00   99.47
```

```
$ pidstat
Linux 5.15.117-1.mga8 (canopus)   17/06/23   _x86_64_   (20 CPU)

17:34:37    UID      PID   %usr   %system   %guest   %wait   %CPU   CPU   Command
17:34:37      0        1   0.02      0.04     0.00    0.00   0.05     7   systemd
17:34:37      0        2   0.00      0.00     0.00    0.00   0.00     5   kthreadd
1 [...]
17:34:37   1000   638408   0.03      0.00     0.00    0.00   0.03     8   emacs
17:34:37   1000   640932   0.00      0.00     0.00    0.00   0.00     0   Web Content
17:34:37      0   646577   0.00      0.00     0.00    0.00   0.00    13   kworker/13:0-events
17:34:37      0   648461   0.00      0.00     0.00    0.00   0.00     9   kworker/u40:3-events_unbound
17:34:37   1000   654742   0.00      0.00     0.00    0.00   0.00     6   pidstat
```

Good enough.
The cli utilities worked fine before the update so no regressions.

CC:
(none) =>
tarazed25
Len Lawrence
2023-06-17 18:39:37 CEST
Whiteboard:
(none) =>
MGA8-64-OK

Validating. Advisory in comment 1.

Keywords:
(none) =>
validated_update
Dave Hodgins
2023-06-19 17:10:29 CEST
Keywords:
(none) =>
advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0203.html

Status:
ASSIGNED =>
RESOLVED