Security Advisory Details

NS-SA-2020-0041

2020-09-07 19:57:18

Summary

important: kernel/zsh security update

Severity

important

Topic

An update for kernel/zsh is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

kernel: This package contains the perf tool, which enables performance monitoring of the Linux kernel.
zsh: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.


Security Fix(es):
kernel: A vulnerability was found in the Linux kernel’s CX24116 tv-card driver, where an out-of-bounds read occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. An attacker could use this flaw to leak kernel private information to userspace. (CVE-2015-9289)
kernel: The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it. (CVE-2017-17807)
kernel: A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in drivers/usb/core/usb.c, which mishandles a size check while reading extra descriptor data. By using a specially crafted USB device that sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock-up, causing a denial of service (DoS). (CVE-2018-20169)
kernel: A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or allow an attacker to gather information that enables subsequent successful attacks. (CVE-2019-14283)
kernel: A flaw was found in the Linux kernel's implementation of WiFi-Direct (or WiFi peer-to-peer) support in the RealTek wireless drivers. When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within radio range of the wireless network can exploit a flaw in the handling of the WiFi-Direct protocol feature known as "Notice of Absence" by creating specially crafted frames, which can then corrupt kernel memory because the upper bound on the length of the frame is unchecked and is supplied by the incoming packet. (CVE-2019-17666)
kernel: A flaw was found in the fix for CVE-2019-11135, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was expected to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that the host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability. (CVE-2019-19338)
kernel: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. (CVE-2019-3901)
kernel: A flaw was found in the USB monitor driver of the Linux kernel. This flaw allows an attacker with physical access to the system to crash the system or potentially escalate their privileges. (CVE-2019-9456)
kernel: bugfix
zsh: A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it was possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report errors when unsetting the option, which prevented users from handling them as the documentation recommended. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2019-20044)
zsh: bugfix
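
The zsh entry above (CVE-2019-20044) describes a privilege drop that could be undone. The following C sketch is an added example, not code from zsh or from this advisory: it shows a permanent drop to the real IDs that also clears the saved set-user-ID and set-group-ID, then verifies the result and reports failure to the caller. The function names are hypothetical, and it assumes the residual privilege is held in the saved IDs, which remain unchanged when only the effective ID is set.

```c
#include <sys/types.h>
#include <unistd.h>

/* Linux/BSD extensions; declared here so the example builds without _GNU_SOURCE. */
int getresuid(uid_t *r, uid_t *e, uid_t *s);
int getresgid(gid_t *r, gid_t *e, gid_t *s);
int setresuid(uid_t r, uid_t e, uid_t s);
int setresgid(gid_t r, gid_t e, gid_t s);

/* Returns 1 only if the real, effective AND saved IDs all equal uid/gid. */
int ids_fully_dropped(uid_t uid, gid_t gid)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;

    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return r == uid && e == uid && s == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Permanently drop to the real IDs. Returns 0 on success, -1 on any failure;
 * the caller must treat -1 as fatal and not continue with mixed credentials.
 * Supplementary groups are out of scope for this example. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group IDs first: once the UID is dropped the process may no longer
     * be allowed to change its GIDs. */
    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    /* Setting all three UIDs clears the saved set-user-ID, which a plain
     * seteuid(getuid()) leaves behind. */
    if (setresuid(ruid, ruid, ruid) != 0)
        return -1;
    if (!ids_fully_dropped(ruid, rgid))
        return -1;
    /* For a non-root real user, regaining the former IDs must now fail. */
    if (ruid != 0 && ((old_egid != rgid && setegid(old_egid) == 0) ||
                      (old_euid != ruid && seteuid(old_euid) == 0)))
        return -1;
    return 0;
}

int main(void) { return drop_privileges_permanently() == 0 ? 0 : 1; }
```

Checking the return value is the other half of the fix described above: a drop that fails silently leaves the process running with credentials the caller believes are gone.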


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F24.

Affected Components

  • kernel
  • zsh

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04
  • kernel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.src.rpm
    • kernel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.noarch.rpm
    • kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.noarch.rpm
    • kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • perf-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • python-perf-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
    • python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.41.613.g62a9c8e.x86_64.rpm
  • zsh-5.0.2-34.el7_7.2.src.rpm
    • zsh-5.0.2-34.el7_7.2.x86_64.rpm
    • zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
    • zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
CGSL CORE 5.04
  • kernel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.src.rpm
    • perf-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.noarch.rpm
    • kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-core-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.noarch.rpm
    • kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • python-perf-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
    • python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.43.616.gf297bb0.lite.x86_64.rpm
  • zsh-5.0.2-34.el7_7.2.src.rpm
    • zsh-5.0.2-34.el7_7.2.x86_64.rpm
    • zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
    • zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm

CVE

References
