Hide Forgot
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Reference: https://github.com/sysstat/sysstat/issues/230 Upstream commit: https://github.com/sysstat/sysstat/commit/edbf507678bf10914e9804ff8a06737fdcb2e781
Created sysstat tracking bugs for this issue: Affects: fedora-all [bug 1768971]
Statement: This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable function, which was introduced in a newer version of the package.
The vulnerable function remap_struct() is used to map structures containing statistics from two different sysstat versions. This function was introduced upstream in version v11.7.1 with the following commit: https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-16167
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4638 https://access.redhat.com/errata/RHSA-2020:4638
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0633 https://access.redhat.com/errata/RHSA-2022:0633