Package: procps
Version: 2:4.0.3-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

We have a very scant report of a ps buffer overflow security bug.

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

We don't know the versions impacted, we don't know how to cause it. We have that single sentence. Once (any) details are given we will update this bug and the gitlab issue.

I made the severity important because I'm not even sure it's a real bug yet.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4016
https://gitlab.com/procps-ng/procps/-/issues/297

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-10-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages procps depends on:
ii  init-system-helpers  1.65.2
ii  libc6                2.36-9+deb12u1
ii  libncursesw6         6.4-4
ii  libproc2-0           2:4.0.3-1
ii  libtinfo6            6.4-4

Versions of packages procps recommends:
ii  psmisc  23.6-1

procps suggests no packages.

-- no debconf information