Gentoo alert 202506-12 (sysstat)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202506-12 ] sysstat: Arbitrary Code Execution | |
| Date: | Sun, 15 Jun 2025 06:24:52 -0000 | |
| Message-ID: | <174996869279.7.11330145813078335958@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202506-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: sysstat: Arbitrary Code Execution Date: June 15, 2025 Bugs: #907121 ID: 202506-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution. Background ========== sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools. Affected packages ================= Package Vulnerable Unaffected ----------------- ------------ ------------ app-admin/sysstat < 12.6.2-r1 >= 12.6.2-r1 Description =========== A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an incomplete fix for CVE-2022-39377. Impact ====== On 32 bit systems, an integer overflow can be triggered when displaying activity data files. Workaround ========== There is no known workaround at this time. Resolution ========== All sysstat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1" References ========== [ 1 ] CVE-2023-33204 https://nvd.nist.gov/vuln/detail/CVE-2023-33204 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202506-12 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmhOZzQACgkQFMQkOaVy +9moLQ//UnHQsrhOMGxM1hBUgWxyXTmnrQRvVu/fUe7KV3KRCOUY5xN1lfuT+S/7 KT73fAxaDBJiDEvj/Tnbf1sOpJ9SidtgFVIR6FjssrQjLB+KF42NdM2G+HFu22fd vTlm7AbaHXk0fzNSggPDE6XmpIVfDsIYVJ/8KlLWMscAWDNsqDURNnVwCAxOs4yl ecwsKipGMbzfweEJhvjh2CFr3rsr7m0ZJRSr4YIGtIIMPr6jXLpUIUc+urJjo0pX ba6a8cPxz4JXo4W9WaM0ZhW89LGCslvQ0NL2Uj5w3wpigg/ntrGYVoYY8pEm//D4 Tf07cxwp06fa3qTlXMa9RKwMLz3dII0Wcn0uHZLo3l7de76sAztj7Hy0tnb58ia5 HI+wuylThjRKZB7ypSpBSoJP9hPln+Ge/Yjg4IqxO9Tv15WW1/ls0R+S0zHRSvur FS2YG88VTRngQofyJe1sNRIiILp2KRXXKkzv2MWc2DRKXM+5vdKiNPx7qqWv8XL5 5CJkd4sghzirV9qrnt6n7pPDheHJZp0jYW50mMPtU+ZMMY4jRurL9TYzDBnYbqub 2g9HVnQkSIQ7sCrexwhVJpzBXqHMw7F5JHpwRGeCn4c7AwBfDZKev1B5fUkFJ/n5 U12HQ1OiYAH10BRPlk1cQ0DDpntp6wYdN5eTHx8N+Od7bHJKiU0= =MToq -----END PGP SIGNATURE-----