Debian 10033 Published by

A sysstat security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a size_t overflow in sa_common.c on 32-bit systems.



ELA-731-1 sysstat security update

Package : sysstat

Version : 11.0.1-1+deb8u1 (jessie), 11.4.3-2+deb9u1 (stretch)

Related CVEs :
CVE-2022-39377

On 32 bit systems, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE).

  ELA-731-1 sysstat security update