USN-6145-1: Sysstat vulnerabilities
7 June 2023
Sysstat could be made to crash or run programs if it processed specially crafted data.
Releases
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- sysstat - system performance tools for Linux
Details
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications in 64-bit systems, as a result of an incomplete fix for
CVE-2022-39377. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2023-33204)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
-
sysstat
-
11.6.1-1ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
sysstat
-
11.2.0-1ubuntu0.3+esm2
Available with Ubuntu Pro
Ubuntu 14.04
-
sysstat
-
10.2.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5735-1: isag, sysstat
- USN-5748-1: isag, sysstat