#5335 closed enhancement (fixed)

procps-ng-4.0.4

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: high Milestone: 12.1
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Bruce Dubbs, 16 months ago

Owner: changed from lfs-book to Bruce Dubbs
Status: newassigned

in reply to:  2 comment:3 by Xi Ruoyao, 16 months ago

Replying to Xi Ruoyao:

FTBFS on systemd.

Fix available at https://gitlab.com/procps-ng/procps/-/commit/ca004d4657d5e8b468a4552ede429be53193a3a9.

Workaround: make src_w_LDADD='$(LDADD) -lsystemd'

comment:4 by Xi Ruoyao, 16 months ago

procps-ng-4.0.4

  • library (API & ABI unchanged)
    • increment revision: 0:2:0
    • tolerates all potential 'cpuinfo' formats issue #272
    • restore the proper main thread tics valuations issue #280
    • Remove myself from proc count merge #193
    • Refactor the escape code Debian #1035649
  • free: -L one line output issue #156
  • pgrep: Use only --signal option for signal Debian #1031765
  • pgrep: suppress >15 warning if using regex Debian #1037450
  • pidof: Add -t option to show threads merge #190
  • pmap: Reset totals between processes issue #298
  • ps: fixed missing or corrupted fields with -m option Debian #1036631, issue #279
  • ps: Fix buffer overflow in -C option CVE-2023-4016 Debian #1042887, issue #297
  • ps: Add --signames to show signal names in masks merge #98
  • sysctl: -N show names merge #198, RH #2222056
  • tests: dont compare floats with == issue #271
  • tests: skips tests if maps missing merge #197, Gentoo #583036
  • top: bad command line arguments yield EXIT_FAILURE issue #273
  • top: avoids keystroke induced '%Cpu' distortions
  • top: includes VM (guest) tics in 'system' overhead issue #274
  • top: includes VM (guest) tics with '!' toggle merge #179
  • top: lessen summary cpu distortions on first display merge #180
  • top: better backspace handling wtth line edits issue #278
  • vmstat: Print guest time in non-wide mode
  • w: Fix musl UT_HOSTSIZE issue
  • watch: Add color support at compile time issue #296

comment:5 by Xi Ruoyao, 16 months ago

Priority: normalhigh

CVE-2023-4016 is a vulnerability with low severity. To exploit it the attacker must trick the user to run a script with some strange patterns in a "ps -C ..." command.

Still marking it as a security fix though.

comment:6 by Bruce Dubbs, 16 months ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.