sysstat: Arbitrary Code Execution — GLSA 202506-12

An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution.

Affected packages

Package: app-admin/sysstat (all architectures)
Affected versions: < 12.6.2-r1
Unaffected versions: >= 12.6.2-r1

Background

sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools.

Description

A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. The referenced CVE was assigned because the earlier fix for CVE-2022-39377 was incomplete.

Impact

On 32-bit systems, an integer overflow can be triggered when displaying activity data files.

Workaround

There is no known workaround at this time.

Resolution

All sysstat users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"

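To confirm that the upgrade above actually took effect, the following added script (not part of the GLSA) compares a Gentoo version string against the fixed version 12.6.2-r1, honouring the -rN ebuild revision, and reads the installed version from the portage VDB under /var/db/pkg. It assumes plain versions of the form X.Y.Z or X.Y.Z-rN (no _rc or _p suffixes).

```shell
#!/bin/sh
# Added example, not sysstat or Gentoo code: verify sysstat >= 12.6.2-r1.
FIXED_VERSION="12.6.2-r1"

# Split "12.6.2-r1" into "12 6 2 1"; a missing -rN counts as revision 0.
version_fields() {
    case $1 in
        *-r*) rev=${1##*-r}; base=${1%-r*} ;;
        *)    rev=0;         base=$1 ;;
    esac
    set -- $(echo "$base" | tr '.' ' ')
    echo "${1:-0} ${2:-0} ${3:-0} $rev"
}

# Return 0 (true) when version $1 >= version $2 in Gentoo ordering.
version_ge() {
    l=$(version_fields "$1")
    r=$(version_fields "$2")
    for i in 1 2 3 4; do
        lf=$(echo "$l" | cut -d' ' -f"$i")
        rf=$(echo "$r" | cut -d' ' -f"$i")
        [ "$lf" -gt "$rf" ] && return 0
        [ "$lf" -lt "$rf" ] && return 1
    done
    return 0   # all fields equal
}

# True when the given sysstat version carries the fix from this advisory.
sysstat_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# Look up the installed version in the portage VDB and report its status.
check_installed() {
    for dir in /var/db/pkg/app-admin/sysstat-*; do
        [ -d "$dir" ] || { echo "sysstat: not installed"; return 0; }
        ver=${dir##*/sysstat-}
        if sysstat_is_fixed "$ver"; then
            echo "sysstat-$ver: fixed (>= $FIXED_VERSION)"
        else
            echo "sysstat-$ver: VULNERABLE, upgrade per GLSA 202506-12"
        fi
    done
}
```

Run `check_installed` on the host after the emerge step; `sysstat_is_fixed 12.6.2` can also be used against a version string taken from another inventory source.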
References

Release date
June 15, 2025

Latest revision
June 15, 2025: 1

Severity
normal

Exploitable
local

Bugzilla entries