important: kernel/dotnet3.1 security update
important
An update for kernel/dotnet3.1 is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
kernel: Kernel sample programs and selftests.
dotnet3.1: This package provides debug information for package dotnet-sdk-3.1. Debug information is useful when developing applications that use this package or when debugging this package.
Security Fix(es):
kernel: An out-of-bounds access flaw was found in the hclge_shaper_para_calc driver in the Linux kernel. Access to an array with an index higher than its maximum index will lead to an out-of-bounds access vulnerability. This could affect both data confidentiality and integrity as well as system availability.(CVE-2019-15925)
kernel: A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability.(CVE-2019-18808)
kernel: A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure.(CVE-2019-19046)
kernel: An out-of-bounds write flaw was found in the Linux kernel’s Ext4 FileSystem in the way it uses a crafted ext4 image. This flaw allows a local user with physical access to crash the system or potentially escalate their privileges on the system.(CVE-2019-19319)
kernel: An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.(CVE-2019-19332)
kernel: A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system.(CVE-2019-19524)
kernel: A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation.(CVE-2019-19537)
kernel: A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges.(CVE-2019-19543)
kernel: An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2019-20636)
kernel: A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation.(CVE-2019-9458)
kernel: A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.(CVE-2020-10732)
kernel: A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted permissions and without further processing. At this time, there is no known ability for an attacker to abuse this flaw.(CVE-2020-10751)
kernel: An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability.(CVE-2020-11565)
kernel: A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors leading to a denial-of-service (DoS). This could allow a local attacker with user privilege to crash the system or leak kernel internal information.(CVE-2020-11668)
kernel: A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)
kernel: An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)
kernel: An out-of-bounds (OOB) memory access flaw was found in the Network XDP (the eXpress Data Path) module in the Linux kernel's xdp_umem_reg function in net/xdp/xdp_umem.c. When a user with special user privilege of CAP_NET_ADMIN (or root) calls setsockopt to register umem ring on XDP socket, passing the headroom value larger than the available space in the chunk, it leads to an out-of-bounds write, causing panic or possible memory corruption. This flaw may lead to privilege escalation if a local end-user is granted permission to influence the execution of code in this manner.(CVE-2020-12659)
kernel: A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem.(CVE-2020-12770)
kernel: A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)
kernel: A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14386)
kernel: A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures.(CVE-2020-8647)
kernel: A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system.(CVE-2020-8648)
kernel: A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console.(CVE-2020-8649)
kernel: bugfix
dotnet3.1: A flaw was found in ASP.NET. Certain cookie values are not properly decoded allowing a remote attacker to bypass the "Cookie Prefixes" security mechanism. The highest threat from this vulnerability is to data integrity(CVE-2020-1045)
dotnet3.1: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.50B5.