RHBA-2012:0021 - Bug Fix Advisory

Topic

An updated procinfo package that fixes one bug is now available for Red Hat
Enterprise Linux 5.

Description

The procinfo package contains a set of system utilities providing users with
system information. The procinfo package includes the following commands:
procinfo, lsdev, socklist.

This update fixes the following bug:

• Previously, the procinfo command calculated the system idle time in a way that

caused arithmetic overflows. As a consequence, procinfo displayed the system
idle time incorrectly, which eventually resulted in buffer overflows. With this
update, procinfo has been modified to convert variables to a larger data type
before they are used in the calculation so that procinfo now always displays the
system idle time correctly. Buffer overflows no longer occur under these
circumstances. (BZ#769857)

All users of procinfo are advised to upgrade to this updated package, which
fixes this bug.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 769857 - procinfo command gets buffer overflow for hms calculations

CVEs

(none)

References

(none)