安全公告详情

NS-SA-2019-0025

2019-07-17 14:55:39

简介

important: krb5/kernel security update

严重级别

important

主题

An update for krb5/kernel is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

krb5: Kerberos is a network authentication system. The libkadm5 package contains the libkadm5clnt and libkadm5serv shared objects, for use ONLY by kerberos itself. Do not depend on this package.
kernel: The python-perf package contains a module that permits applications written in the Python programming language to use the interface to manipulate perf events.


Security Fix(es):
krb5: An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.(CVE-2017-7562)
krb5: A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.(CVE-2017-11368)
krb5: bugfix
kernel: The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.(CVE-2017-11600)
kernel: A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation.(CVE-2017-13215)
kernel: The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system.(CVE-2017-16939)
kernel: An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.(CVE-2018-1000199)
kernel: The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675)
kernel: A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.(CVE-2018-1068)
kernel: A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.(CVE-2018-3665)
kernel: A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in the denial of service.(CVE-2018-8897)
kernel: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F6.

影响组件

  • krb5
  • kernel

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["libkadm5-1.15.1-19.el7.x86_64.rpm","krb5-debuginfo-1.15.1-19.el7.x86_64.rpm","krb5-devel-1.15.1-19.el7.x86_64.rpm","krb5-libs-1.15.1-19.el7.x86_64.rpm","krb5-pkinit-1.15.1-19.el7.x86_64.rpm","krb5-server-1.15.1-19.el7.x86_64.rpm","krb5-server-ldap-1.15.1-19.el7.x86_64.rpm","krb5-workstation-1.15.1-19.el7.x86_64.rpm"],"source":"krb5-1.15.1-19.el7.src.rpm"},{"binary":["python-perf-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.noarch.rpm","kernel-debug-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.noarch.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5u4.0.113.gdca0b39.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["libkadm5-1.15.1-19.el7.x86_64.rpm","krb5-debuginfo-1.15.1-19.el7.x86_64.rpm","krb5-devel-1.15.1-19.el7.x86_64.rpm","krb5-libs-1.15.1-19.el7.x86_64.rpm","krb5-pkinit-1.15.1-19.el7.x86_64.rpm","krb5-server-1.15.1-19.el7.x86_64.rpm","krb5-server-ldap-1.15.1-19.el7.x86_64.rpm","krb5-workstation-1.15.1-19.el7.x86_64.rpm"],"source":"krb5-1.15.1-19.el7.src.rpm"},{"binary":["kernel-devel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.noarch.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-modules-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.noarch.rpm","kernel-core-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-debug-core-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5u4lite.0.116.gcc6e0f4.src.rpm"}]}]}

CVE

参考