安全公告详情

NS-SA-2019-0077

2019-07-17 14:58:23

简介

important: kernel/mod_auth_mellon security update

严重级别

important

主题

An update for kernel/mod_auth_mellon is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel: The python-perf package contains a module that permits applications written in the Python programming language to use the interface to manipulate perf events.
mod_auth_mellon: The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server.


Security Fix(es):
kernel: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.(CVE-2017-15121)
kernel: A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events.(CVE-2017-15126)
kernel: An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-7294)
kernel: A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system.(CVE-2019-6974)
kernel: A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.(CVE-2019-7221)
kernel: bugfix
mod_auth_mellon: A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.(CVE-2019-3877)
mod_auth_mellon: A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.(CVE-2019-3878)
mod_auth_mellon: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F13.

影响组件

  • kernel
  • mod_auth_mellon

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["kernel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.noarch.rpm","kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.noarch.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133.src.rpm"},{"binary":["mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.x86_64.rpm","mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpm","mod_auth_mellon-debuginfo-0.14.0-2.el7_6.4.x86_64.rpm"],"source":"mod_auth_mellon-0.14.0-2.el7_6.4.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["kernel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.noarch.rpm","kernel-core-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.noarch.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite.src.rpm"},{"binary":["mod_auth_mellon-0.14.0-2.el7_6.4.x86_64.rpm","mod_auth_mellon-debuginfo-0.14.0-2.el7_6.4.x86_64.rpm","mod_auth_mellon-diagnostics-0.14.0-2.el7_6.4.x86_64.rpm"],"source":"mod_auth_mellon-0.14.0-2.el7_6.4.src.rpm"}]}]}

CVE

参考