File _patchinfo of Package patchinfo.7679
<patchinfo incident="7679">
<issue tracker="bnc" id="1092100">VUL-0: CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126: procps: Multiple issues found by qualys</issue>
<issue tracker="cve" id="2018-1126"/>
<issue tracker="cve" id="2018-1125"/>
<issue tracker="cve" id="2018-1124"/>
<issue tracker="cve" id="2018-1123"/>
<issue tracker="cve" id="2018-1122"/>
<category>security</category>
<rating>moderate</rating>
<packager>WernerFink</packager>
<description>This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to heap
corruption in the file2strvec function. This allowed privilege escalation for a
local attacker who could create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
</description>
<summary>Security update for procps</summary>
</patchinfo>