Oracle Linux 8 : sysstat (ELSA-2023-2800)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-2800 advisory. 11.7.3-9.0.1 - add mpstat -H option to also display physically hotplugged vCPUs Orabug: 34683071 11.7.3-9 - add -f flag to force fdatasync after sa file update...

CVE-2022-39377

CVE-2022-39377 affects sysstat on 32-bit Linux, where allocate_structures in sa_common.c may overflow size calculations during arithmetic, enabling possible remote code execution. The issue stems from insufficient bounds checking before multiplication, tied to an incomplete fix; versions up to 12...