安全公告详情

NS-SA-2020-0021

2020-03-04 10:24:28

简介

important: kernel/python-reportlab security update

严重级别

important

主题

An update for kernel/python-reportlab is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel: The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
python-reportlab: Python PDF generation library.


Security Fix(es):
kernel: The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable.(CVE-2017-17805)
kernel: A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.(CVE-2018-12207)
kernel: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.(CVE-2018-17972)
kernel: A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker.(CVE-2018-9568)
kernel: A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs.(CVE-2019-0154)
kernel: A flaw was found in the Intel graphics hardware (GPU), where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to the address space required to function correctly.(CVE-2019-0155)
kernel: A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.(CVE-2019-11135)
kernel: A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.(CVE-2019-1125)
kernel: A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds(). An attacker can crash the system if they were able to load the megaraid_sas kernel module and groom memory beforehand, leading to a denial of service (DoS), related to a use-after-free.(CVE-2019-11810)
kernel: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)
kernel: An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)
kernel: A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.(CVE-2019-5489)
kernel: bugfix
python-reportlab: A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution.(CVE-2019-17626)
python-reportlab: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F17.

影响组件

  • kernel
  • python-reportlab

影响产品

  • CGSL MAIN 4.05

更新包

{"fix":[{"product":"CGSL MAIN 4.05","pkgs":[{"binary":["kernel-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-debug-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-devel-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-doc-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.noarch.rpm","kernel-abi-whitelists-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.noarch.rpm","kernel-debug-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-debug-devel-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-firmware-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.noarch.rpm","kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","kernel-headers-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","perf-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","python-perf-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm","python-perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.x86_64.rpm"],"source":"kernel-2.6.32-642.13.1.el6.cgslv4_5.0.149.g46fdcf6.src.rpm"},{"binary":["python-reportlab-2.3-3.el6_10.1.x86_64.rpm","python-reportlab-debuginfo-2.3-3.el6_10.1.x86_64.rpm","python-reportlab-docs-2.3-3.el6_10.1.noarch.rpm"],"source":"python-reportlab-2.3-3.el6_10.1.src.rpm"}]}]}

CVE

参考