安全公告详情

NS-SA-2019-0200

2019-10-14 19:29:28

简介

important: kernel/zsh security update

严重级别

important

主题

An update for kernel/zsh is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel: The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
zsh: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.


Security Fix(es):
kernel: A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.(CVE-2019-1125)
kernel: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)
kernel: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)
kernel: bugfix
zsh: It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one.(CVE-2018-13259)
zsh: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F18.

影响组件

  • kernel
  • zsh

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["kernel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.noarch.rpm","kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.noarch.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6.src.rpm"},{"binary":["zsh-5.0.2-33.el7.x86_64.rpm","zsh-debuginfo-5.0.2-33.el7.x86_64.rpm","zsh-html-5.0.2-33.el7.x86_64.rpm"],"source":"zsh-5.0.2-33.el7.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.noarch.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.noarch.rpm","kernel-core-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite.src.rpm"},{"binary":["zsh-5.0.2-33.el7.x86_64.rpm","zsh-debuginfo-5.0.2-33.el7.x86_64.rpm","zsh-html-5.0.2-33.el7.x86_64.rpm"],"source":"zsh-5.0.2-33.el7.src.rpm"}]}]}

CVE

参考