SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2840-1
Container Tags        : suse/pcp:5 , suse/pcp:5-8.1 , suse/pcp:5.2 , suse/pcp:5.2-8.1 , suse/pcp:5.2.5 , suse/pcp:5.2.5-8.1 , suse/pcp:latest
Container Release     : 8.1
Severity              : important
Type                  : security
References            : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976
                        1185417 1195468 1206412 1206798 1209122 1209122 1214290 CVE-2018-1122
                        CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2730-1
Released:    Mon Oct 21 16:04:57 2019
Summary:     Security update for procps
Type:        security
Severity:    important
References:  1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
This update for procps fixes the following issues:

procps was updated to 3.3.15. (bsc#1092100)

Following security issues were fixed:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
  with HOME unset in an attacker-controlled directory, the attacker could have
  achieved privilege escalation by exploiting one of several vulnerabilities in
  the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
  Inbuilt protection in ps maped a guard page at the end of the overflowed
  buffer, ensuring that the impact of this flaw is limited to a crash (temporary
  denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
  corruption in file2strvec function. This allowed a privilege escalation for a
  local attacker who can create entries in procfs by starting processes, which
  could result in crashes or arbitrary code execution in proc utilities run by
  other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
  mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
  truncation/integer overflow issues (bsc#1092100).


Also this non-security issue was fixed:

- Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes:

* library: Increment to 8:0:1
  No removals, no new functions
  Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec   CVE-2018-1124
* library: Use size_t for alloc functions                CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow                 CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS  CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config              CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
  No changes, no removals
  New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: dont use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:225-1
Released:    Fri Jan 24 06:49:07 2020
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1158830
This update for procps fixes the following issues:

- Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2958-1
Released:    Tue Oct 20 12:24:55 2020
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1158830
This update for procps fixes the following issues:

- Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976
This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417
This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released:    Fri Mar 11 06:07:58 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1195468
This update for procps fixes the following issues:

- Stop registering signal handler for SIGURG, to avoid `ps` failure if
  someone sends such signal. Without the signal handler, SIGURG will
  just be ignored. (bsc#1195468)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412) 
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released:    Thu May  4 21:05:30 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1209122
This update for procps fixes the following issue:

- Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

  - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:11-1
Released:    Tue Jan  2 13:24:52 2024
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1029961,1158830,1206798,1209122
This update for procps fixes the following issues:

- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

- For support up to 2048 CPU as well (bsc#1185417)
- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be build
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
  (uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.

- Update to procps-ng-3.3.17

  * library: Incremented to 8:3:0
    (no removals or additions, internal changes only)
  * all: properly handle utf8 cmdline translations
  * kill: Pass int to signalled process
  * pgrep: Pass int to signalled process
  * pgrep: Check sanity of SG_ARG_MAX
  * pgrep: Add older than selection
  * pidof: Quiet mode
  * pidof: show worker threads
  * ps.1: Mention stime alias
  * ps: check also match on truncated 16 char comm names
  * ps: Add exe output option
  * ps: A lot more sorting available
  * pwait: New command waits for a process
  * sysctl: Match systemd directory order
  * sysctl: Document directory order
  * top: ensure config file backward compatibility
  * top: add command line 'e' for symmetry with 'E'
  * top: add '4' toggle for two abreast cpu display
  * top: add '!' toggle for combining multiple cpus
  * top: fix potential SEGV involving -p switch
  * vmstat: Wide mode gives wider proc columns
  * watch: Add environment variable for interval
  * watch: Add no linewrap option
  * watch: Support more colors
  * free,uptime,slabtop: complain about extra ops

- Package translations in procps-lang.

- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

- Enable pidof by default

- Update to procps-ng-3.3.16

  * library: Increment to 8:2:0

    No removals or functions
    Internal changes only, so revision is incremented.
    Previous version should have been 8:1:0 not 8:0:1

  * docs: Use correct symbols for -h option in free.1
  * docs: ps.1 now warns about command name length
  * docs: install translated man pages
  * pgrep: Match on runstate
  * snice: Fix matching on pid
  * top: can now exploit 256-color terminals
  * top: preserves 'other filters' in configuration file
  * top: can now collapse/expand forest view children
  * top: parent %CPU time includes collapsed children
  * top: improve xterm support for vim navigation keys
  * top: avoid segmentation fault at program termination
  * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)


The following package changes have been done:

- libprocps8-3.3.17-150000.7.37.1 added
- procps-3.3.17-150000.7.37.1 added