安全公告详情

NS-SA-2019-0113

2019-07-17 15:01:51

简介

important: kernel/samba security update

严重级别

important

主题

An update for kernel/samba is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel: The python-perf package contains a module that permits applications written in the Python programming language to use the interface to manipulate perf events.
samba: Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.


Security Fix(es):
kernel: It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-10088)
kernel: When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.(CVE-2016-6136)
kernel: A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.(CVE-2016-7910)
kernel: It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-9576)
kernel: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.(CVE-2017-1000251)
kernel: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.(CVE-2017-1000253)
kernel: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.(CVE-2017-6074)
kernel: bugfix
samba: A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions.(CVE-2017-2619)
samba: An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.(CVE-2017-12163)
samba: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.(CVE-2017-12150)
samba: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F7.

影响组件

  • kernel
  • samba

影响产品

  • CGSL MAIN 4.05

更新包

{"fix":[{"product":"CGSL MAIN 4.05","pkgs":[{"binary":["kernel-2.6.32-642.13.1.el6.cgsl7546.x86_64.rpm","kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7442.noarch.rpm","kernel-debug-2.6.32-642.13.1.el6.cgsl7442.x86_64.rpm","kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7442.x86_64.rpm","kernel-devel-2.6.32-642.13.1.el6.cgsl7546.x86_64.rpm","kernel-doc-2.6.32-642.13.1.el6.cgsl7442.noarch.rpm","kernel-firmware-2.6.32-642.13.1.el6.cgsl7546.noarch.rpm","kernel-headers-2.6.32-642.13.1.el6.cgsl7546.x86_64.rpm","perf-2.6.32-642.13.1.el6.cgsl7546.x86_64.rpm"],"source":"kernel-2.6.32-642.13.1.el6.cgsl7546.src.rpm"},{"binary":["libsmbclient-3.6.23-45.el6_9.x86_64.rpm","samba-3.6.23-45.el6_9.x86_64.rpm","samba-client-3.6.23-45.el6_9.x86_64.rpm","samba-common-3.6.23-45.el6_9.x86_64.rpm","samba-winbind-3.6.23-45.el6_9.x86_64.rpm","samba-winbind-clients-3.6.23-45.el6_9.x86_64.rpm"],"source":"samba-3.6.23-45.el6_9.src.rpm"}]}]}

CVE

参考