Security Advisory Details

NS-SA-2019-0099

2019-07-17 15:00:44

Summary

important: kernel/glibc security update

Severity

important

Topic

An update for kernel/glibc is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

kernel: The python-perf package contains a module that permits applications written in the Python programming language to use the interface to manipulate perf events.
glibc: Nscd caches name service lookups and can dramatically improve performance with NIS+, and may help with DNS as well.


Security Fix(es):
kernel: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.(CVE-2017-1000364)
kernel: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366)
kernel: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.(CVE-2017-2636)
kernel: The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.(CVE-2017-7645)
kernel: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.(CVE-2017-7895)
kernel: bugfix
glibc: An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778)
glibc: A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.(CVE-2015-8779)
glibc: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366)
glibc: It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)
glibc: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.(CVE-2014-9761)
glibc: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F4.

Affected Components

  • kernel
  • glibc

Affected Products

  • CGSL MAIN 4.05

Update Packages

CGSL MAIN 4.05

kernel (source: kernel-2.6.32-642.13.1.el6.cgsl7442.src.rpm)

  • kernel-2.6.32-642.13.1.el6.cgsl7442.x86_64.rpm
  • kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7259.noarch.rpm
  • kernel-debug-2.6.32-642.13.1.el6.cgsl7259.x86_64.rpm
  • kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7259.x86_64.rpm
  • kernel-devel-2.6.32-642.13.1.el6.cgsl7442.x86_64.rpm
  • kernel-doc-2.6.32-642.13.1.el6.cgsl7259.noarch.rpm
  • kernel-firmware-2.6.32-642.13.1.el6.cgsl7442.noarch.rpm
  • kernel-headers-2.6.32-642.13.1.el6.cgsl7442.x86_64.rpm
  • perf-2.6.32-642.13.1.el6.cgsl7259.x86_64.rpm

glibc (source: glibc-2.12-1.209.el6_9.2.2.src.rpm)

  • glibc-2.12-1.209.el6_9.2.2.x86_64.rpm
  • glibc-common-2.12-1.209.el6_9.2.2.x86_64.rpm
  • glibc-devel-2.12-1.209.el6_9.2.2.x86_64.rpm
  • glibc-headers-2.12-1.209.el6_9.2.2.x86_64.rpm
  • glibc-static-2.12-1.209.el6_9.2.2.x86_64.rpm
  • glibc-utils-2.12-1.192.el6.x86_64.rpm
  • nscd-2.12-1.209.el6_9.2.2.x86_64.rpm
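To check a host against the fixed builds listed in this advisory, the following added example (not part of the original advisory or NewStart tooling) compares installed package versions with the advisory's package file names. It assumes no package epochs, uses a simplified form of RPM's version comparison, and the installed-package lines and all function names are constructed for illustration.

```python
import json
import re

# Four of the fixed package file names from this advisory's update-package list.
ADVISORY = json.loads("""{"fix":[{"product":"CGSL MAIN 4.05","pkgs":[
 {"binary":["kernel-2.6.32-642.13.1.el6.cgsl7442.x86_64.rpm","perf-2.6.32-642.13.1.el6.cgsl7259.x86_64.rpm"]},
 {"binary":["glibc-2.12-1.209.el6_9.2.2.x86_64.rpm","nscd-2.12-1.209.el6_9.2.2.x86_64.rpm"]}]}]}""")
# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
INSTALLED = ["kernel 2.6.32 642.13.1.el6.cgsl7442", "perf 2.6.32 642.6.2.el6.cgsl7000",
             "glibc 2.12 1.192.el6", "nscd 2.12 1.209.el6_9.2.2", "bash 4.1.2 40.el6"]

def split_nvr(filename):
    """Split 'name-version-release.arch.rpm' into (name, version, release)."""
    nvr = filename.rsplit(".", 2)[0]           # drop '.arch.rpm'
    return tuple(nvr.rsplit("-", 2))

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): compare digit/letter runs in order."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric run sorts newer than letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def fixed_versions(advisory):
    """Map package name -> (version, release) of the fixed build."""
    files = (f for p in advisory["fix"] for g in p["pkgs"] for f in g["binary"])
    return {n: (v, r) for n, v, r in map(split_nvr, files)}

def outdated(installed_lines, advisory):
    """Return {name: (installed, fixed)} for packages older than the advisory build."""
    fixed, stale = fixed_versions(advisory), {}
    for line in installed_lines:
        name, version, release = line.split()
        if name not in fixed:
            continue                           # package not covered by this advisory
        fv, fr = fixed[name]
        if (rpmvercmp(version, fv) or rpmvercmp(release, fr)) < 0:
            stale[name] = (f"{version}-{release}", f"{fv}-{fr}")
    return stale

if __name__ == "__main__":
    for name, (have, need) in sorted(outdated(INSTALLED, ADVISORY).items()):
        print(f"{name}: installed {have}, advisory ships {need}")
```

A patched kernel package only takes effect once it is the running kernel, so also compare `uname -r` after the reboot.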

CVE

References