Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678550 (CVE-2018-19517) - <app-admin/sysstat-[12.0.3,12.1.2}: Out of bounds read in remap_struct function in sa_common.c
Summary: <app-admin/sysstat-[12.0.3,12.1.2}: Out of bounds read in remap_struct functi...
Alias: CVE-2018-19517
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa cve]
Depends on:
Reported: 2019-02-22 07:44 UTC by Agostino Sarubbo
Modified: 2019-04-04 23:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2019-02-22 07:44:04 UTC
From ${URL} :

An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as 
demonstrated by sadf.

Upstream issue:

Upstream patch:

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Larry the Git Cow gentoo-dev 2019-02-22 09:31:10 UTC
The bug has been referenced in the following commit(s):

commit b57ce53cb0a17c010d0e16143137b0ca7269a2c2
Author:     Jeroen Roovers <>
AuthorDate: 2019-02-22 09:30:37 +0000
Commit:     Jeroen Roovers <>
CommitDate: 2019-02-22 09:31:03 +0000

    app-admin/sysstat: Old
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Jeroen Roovers <>

 app-admin/sysstat/Manifest              |  1 -
 app-admin/sysstat/sysstat-12.0.2.ebuild | 85 ---------------------------------
 2 files changed, 86 deletions(-)
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2019-02-22 09:32:11 UTC
2018/12/14: Version 12.0.3 - Sebastien Godard (sysstat <at>
        * sadf: Fix out of bound reads security issues (CVE-2018-19416 and

2018/12/14: Version 12.1.2 - Sebastien Godard (sysstat <at>
        * sadf: Fix out of bound reads security issues (CVE-2018-19416 and
          CVE-2018-19517) [12.0.3].
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2019-02-22 09:33:31 UTC
No vulnerable versions are left in the tree now.