An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution.
| Package | app-admin/sysstat on all architectures |
|---|---|
| Affected versions | < 12.6.2-r1 |
| Unaffected versions | >= 12.6.2-r1 |
sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools.
On 32-bit systems, an integer overflow can be triggered when displaying activity data files.
Arbitrary code execution can be achieved via sufficiently crafted malicious input.
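The advisory does not say where in sysstat the overflow occurs. The following added example (not sysstat code and not part of the advisory) illustrates the general bug class: a buffer size computed from counts read out of a data file wraps in 32-bit arithmetic but not in 64-bit arithmetic, and a checked computation rejects the record. The structure, field names and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record header read from a data file (names are illustrative,
 * not sysstat's). Both fields are untrusted when the file is crafted. */
struct rec_hdr {
    uint32_t nr_items;  /* number of items that follow */
    uint32_t item_size; /* bytes per item */
};

/* Unchecked size computation as a 32-bit size_t would perform it:
 * the product wraps modulo 2^32, so the buffer can end up far too small. */
static uint32_t buf_size_unchecked32(const struct rec_hdr *h)
{
    return (uint32_t)(h->nr_items * h->item_size);
}

/* The same product in 64-bit arithmetic always fits, so it does not wrap. */
static uint64_t buf_size_64(const struct rec_hdr *h)
{
    return (uint64_t)h->nr_items * h->item_size;
}

/* Checked version for a 32-bit size: reject the record instead of wrapping. */
static bool buf_size_checked32(const struct rec_hdr *h, uint32_t *out)
{
    uint64_t wide = (uint64_t)h->nr_items * h->item_size;
    if (wide > UINT32_MAX)
        return false;
    *out = (uint32_t)wide;
    return true;
}

int main(void)
{
    /* Constructed sample values, not taken from any real data file. */
    struct rec_hdr crafted = { 0x10000001u, 16u };
    uint32_t size = 0;

    printf("32-bit unchecked: %u bytes\n", (unsigned)buf_size_unchecked32(&crafted));
    printf("64-bit product:   %llu bytes\n", (unsigned long long)buf_size_64(&crafted));
    printf("checked:          %s\n",
           buf_size_checked32(&crafted, &size) ? "accepted" : "rejected");
    return 0;
}
```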
There is no known workaround at this time.
All sysstat users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"
Release date: November 22, 2022
Latest revision: May 29, 2023: 2
Severity: normal
Exploitable: local
Bugzilla entries