安全公告详情

NS-SA-2021-0126

2021-09-24 00:31:58

简介

moderate: kernel/poppler security update

严重级别

moderate

主题

An update for kernel/poppler is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel: This package provides kernel headers and makefiles sufficient to build modules against the debug kernel package.
poppler: This package provides debug information for package poppler-glib. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
kernel: A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens.(CVE-2019-19767)
kernel: A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)
kernel: A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.(CVE-2020-25705)
kernel: bugfix
poppler: A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service.(CVE-2019-14494)
poppler: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.60B5.

影响组件

  • kernel
  • poppler

影响产品

  • CGSL MAIN 6.02

更新包

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["kernel-debug-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debug-modules-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","bpftool-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-ipaclones-internal-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-selftests-internal-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debug-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-tools-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","python3-perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debuginfo-common-x86_64-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-cross-headers-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-sign-keys-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-abi-whitelists-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.noarch.rpm","kernel-debug-devel-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-doc-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.noarch.rpm","kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debug-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-tools-libs-devel-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debug-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","kernel-debug-core-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm","perf-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.x86_64.rpm"],"source":"kernel-4.18.0-193.14.2.el8_2.cgslv6_2.19.376.gb6156ee3f.src.rpm"},{"binary":["poppler-cpp-devel-0.66.0-27.el8.x86_64.rpm","poppler-devel-0.66.0-27.el8.x86_64.rpm","poppler-cpp-0.66.0-27.el8.x86_64.rpm","poppler-cpp-debuginfo-0.66.0-27.el8.x86_64.rpm","poppler-qt5-devel-0.66.0-27.el8.x86_64.rpm","poppler-utils-debuginfo-0.66.0-27.el8.x86_64.rpm","poppler-qt5-debuginfo-0.66.0-27.el8.x86_64.rpm","poppler-glib-devel-0.66.0-27.el8.x86_64.rpm","poppler-qt5-0.66.0-27.el8.x86_64.rpm","poppler-glib-doc-0.66.0-27.el8.noarch.rpm","poppler-glib-debuginfo-0.66.0-27.el8.x86_64.rpm","poppler-debugsource-0.66.0-27.el8.x86_64.rpm","poppler-debuginfo-0.66.0-27.el8.x86_64.rpm","poppler-glib-0.66.0-27.el8.x86_64.rpm","poppler-utils-0.66.0-27.el8.x86_64.rpm","poppler-0.66.0-27.el8.x86_64.rpm"],"source":"poppler-0.66.0-27.el8.src.rpm"}]}]}

CVE

参考