安全公告详情

NS-SA-2019-0028

2019-07-17 14:55:39

简介

important: kernel-rt/PackageKit security update

严重级别

important

主题

An update for kernel-rt/PackageKit is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel-rt: The kernel-rt package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. This kernel has been compiled with the RT patch applied and is intended for use in deterministic response-time situations
PackageKit: PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API.


Security Fix(es):
kernel-rt: /llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.(CVE-2015-2041)
kernel-rt: /rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.(CVE-2015-2042)
kernel-rt: The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.(CVE-2017-11600)
kernel-rt: A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation.(CVE-2017-13215)
kernel-rt: The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system.(CVE-2017-16939)
kernel-rt: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-8890)
kernel-rt: An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.(CVE-2018-1000199)
kernel-rt: The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675)
kernel-rt: A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.(CVE-2018-1068)
kernel-rt: A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.(CVE-2018-3665)
kernel-rt: A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in the denial of service.(CVE-2018-8897)
kernel-rt: bugfix
PackageKit: An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.(CVE-2018-1106)
PackageKit: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F6.

影响组件

  • kernel-rt
  • PackageKit

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.noarch.rpm","kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm"],"source":"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.src.rpm"},{"binary":["PackageKit-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-command-not-found-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-cron-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-debuginfo-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-glib-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-glib-devel-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-gstreamer-plugin-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-gtk3-module-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-yum-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-yum-plugin-1.1.5-2.el7.centos.x86_64.rpm"],"source":"PackageKit-1.1.5-2.el7.centos.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.noarch.rpm","kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm","kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.x86_64.rpm"],"source":"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5u4.0.87.gf7a5e0f.src.rpm"},{"binary":["PackageKit-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-command-not-found-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-cron-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-debuginfo-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-glib-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-glib-devel-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-gstreamer-plugin-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-gtk3-module-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-yum-1.1.5-2.el7.centos.x86_64.rpm","PackageKit-yum-plugin-1.1.5-2.el7.centos.x86_64.rpm"],"source":"PackageKit-1.1.5-2.el7.centos.src.rpm"}]}]}

CVE

参考