Security update for sysstat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0012-1 Final 1 1 2025-01-03T16:51:05Z current 2025-01-03T16:51:05Z 2025-01-03T16:51:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sysstat This update for sysstat fixes the following issues: - CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507) - CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-SAP-BYOS-2025-12,Image SLES12-SP5-Azure-SAP-On-Demand-2025-12,Image SLES12-SP5-EC2-SAP-BYOS-2025-12,Image SLES12-SP5-EC2-SAP-On-Demand-2025-12,Image SLES12-SP5-GCE-SAP-BYOS-2025-12,Image SLES12-SP5-GCE-SAP-On-Demand-2025-12,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2025-12,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2025-12,SUSE-2025-12,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-12 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250012-1/ Link for SUSE-SU-2025:0012-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020061.html E-Mail link for SUSE-SU-2025:0012-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1205224 SUSE Bug 1205224 https://bugzilla.suse.com/1211507 SUSE Bug 1211507 https://www.suse.com/security/cve/CVE-2022-39377/ SUSE CVE CVE-2022-39377 page https://www.suse.com/security/cve/CVE-2023-33204/ SUSE CVE CVE-2023-33204 page Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 sysstat-12.0.2-20.23.1 sysstat-isag-12.0.2-20.23.1 sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production sysstat-12.0.2-20.23.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production sysstat-12.0.2-20.23.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 sysstat-isag-12.0.2-20.23.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. CVE-2022-39377 Image SLES12-SP5-Azure-SAP-BYOS:sysstat-12.0.2-20.23.1 Image SLES12-SP5-Azure-SAP-On-Demand:sysstat-12.0.2-20.23.1 Image SLES12-SP5-EC2-SAP-BYOS:sysstat-12.0.2-20.23.1 Image SLES12-SP5-EC2-SAP-On-Demand:sysstat-12.0.2-20.23.1 Image SLES12-SP5-GCE-SAP-BYOS:sysstat-12.0.2-20.23.1 Image SLES12-SP5-GCE-SAP-On-Demand:sysstat-12.0.2-20.23.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:sysstat-12.0.2-20.23.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:sysstat-12.0.2-20.23.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:sysstat-12.0.2-20.23.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:sysstat-isag-12.0.2-20.23.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250012-1/ https://www.suse.com/security/cve/CVE-2022-39377.html CVE-2022-39377 https://bugzilla.suse.com/1205224 SUSE Bug 1205224 https://bugzilla.suse.com/1211507 SUSE Bug 1211507 sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. CVE-2023-33204 Image SLES12-SP5-Azure-SAP-BYOS:sysstat-12.0.2-20.23.1 Image SLES12-SP5-Azure-SAP-On-Demand:sysstat-12.0.2-20.23.1 Image SLES12-SP5-EC2-SAP-BYOS:sysstat-12.0.2-20.23.1 Image SLES12-SP5-EC2-SAP-On-Demand:sysstat-12.0.2-20.23.1 Image SLES12-SP5-GCE-SAP-BYOS:sysstat-12.0.2-20.23.1 Image SLES12-SP5-GCE-SAP-On-Demand:sysstat-12.0.2-20.23.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:sysstat-12.0.2-20.23.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:sysstat-12.0.2-20.23.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:sysstat-12.0.2-20.23.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:sysstat-isag-12.0.2-20.23.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250012-1/ https://www.suse.com/security/cve/CVE-2023-33204.html CVE-2023-33204 https://bugzilla.suse.com/1211507 SUSE Bug 1211507 https://bugzilla.suse.com/1217270 SUSE Bug 1217270