Fedora Linux 8482 Published by

A sysstat security update has been released for Fedora 37.



[SECURITY] Fedora 37 Update: sysstat-12.6.2-2.fc37

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4706cef256
2023-07-20 05:17:50.037082
--------------------------------------------------------------------------------

Name : sysstat
Product : Fedora 37
Version : 12.6.2
Release : 2.fc37
URL : http://sebastien.godard.pagesperso-orange.fr/
Summary : Collection of performance monitoring tools for Linux
Description :
The sysstat package contains the sar, sadf, mpstat, iostat, tapestat,
pidstat, cifsiostat and sa tools for Linux.
The sar command collects and reports system activity information.
The information collected by sar can be saved in a file in a binary
format for future inspection. The statistics reported by sar concern
I/O transfer rates, paging activity, process-related activities,
interrupts, network activity, memory and swap space utilization, CPU
utilization, kernel activities and TTY statistics, among others. Both
UP and SMP machines are fully supported.
The sadf command may be used to display data collected by sar in
various formats (CSV, PCP, XML, etc.).
The iostat command reports CPU utilization and I/O statistics for disks.
The tapestat command reports statistics for tapes connected to the system.
The mpstat command reports global and per-processor statistics.
The pidstat command reports statistics for Linux tasks (processes).
The cifsiostat command reports I/O statistics for CIFS file systems.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-33204
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 7 2023 psimovec [psimovec@redhat.com] - 12.6.2-2
- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2208270 - CVE-2023-33204 sysstat: check_overflow() function can work incorrectly that lead to an overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2208270
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4706cef256' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------