Security Advisory Details

NS-SA-2022-0017

2022-05-08 18:10:44

Synopsis

important: kernel/openssl security update

Severity

important

Topic

An update for kernel/openssl is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

kernel: This package contains the development files for the tools/ directory from the kernel source.
openssl: OpenSSL is a toolkit for supporting cryptography. The openssl-devel package contains include files needed to develop applications which support various cryptographic algorithms and protocols.


Security Fix(es):
kernel: A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14386)
kernel: bugfix
openssl: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer dereference and a crash, leading to a potential denial of service attack. (CVE-2021-23841)
openssl: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. (CVE-2021-23840)
openssl: bugfix
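
The CVE-2021-23840 failure mode above (return value 1 with a negative output length) can be guarded against on the caller side. The following is an added example, not code from this advisory or from OpenSSL: `modeled_outlen` is a simplified model of the encrypt-path length arithmetic, all function names are hypothetical, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Simplified model (an assumption, not OpenSSL source): bytes an encrypt
 * *Update call emits for a block cipher with block size `bl` when
 * `buffered` bytes (0 <= buffered < bl) are held over from earlier calls.
 * Computed in 64 bits so the true value stays visible. */
long long modeled_outlen(int buffered, int inl, int bl)
{
    long long total = (long long)buffered + inl;
    return total - (total % bl);        /* only whole blocks are emitted */
}

/* What the caller reads back once that value is stored through the API's
 * `int *outl`. The wrap is modelled explicitly (32-bit int assumed) so the
 * example itself contains no signed-overflow undefined behaviour. */
int outl_as_int(long long n)
{
    return (n > INT_MAX) ? (int)(n - 4294967296LL) : (int)n;
}

/* Precondition to apply before calling any EVP_*Update function:
 * with inl <= INT_MAX - bl the output length fits in an int no matter
 * how many bytes (fewer than bl) are already buffered. */
int input_len_ok(int inl, int bl)
{
    return inl >= 0 && inl <= INT_MAX - bl;
}

/* Postcondition: a return value of 1 is not sufficient on its own;
 * a negative output length must be treated as failure. */
int update_result_ok(int rc, int outl)
{
    return rc == 1 && outl >= 0;
}

int main(void)
{
    /* Constructed case: 1 byte buffered, 16-byte blocks, inl = INT_MAX. */
    long long true_len = modeled_outlen(1, INT_MAX, 16);
    int seen = outl_as_int(true_len);

    printf("true output length : %lld\n", true_len);
    printf("value seen in outl : %d\n", seen);
    printf("precondition holds : %d\n", input_len_ok(INT_MAX, 16));
    printf("result accepted    : %d\n", update_result_ok(1, seen));
    return 0;
}
```

Applications that pass attacker-influenced lengths to these functions should enforce both checks until the updated openssl packages are installed, and splitting very large inputs into bounded chunks avoids the condition entirely.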


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F39B5.

Affected Components

  • kernel
  • openssl

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.noarch.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.noarch.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1097.gea4f96b.src.rpm"},{"binary":["openssl-libs-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26.x86_64.rpm","openssl-perl-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26.x86_64.rpm","openssl-static-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26.x86_64.rpm","openssl-devel-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26.x86_64.rpm","openssl-debuginfo-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26.x86_64.rpm","openssl-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26.x86_64.rpm"],"source":"openssl-1.0.2k-22.el7_9.cgslv5.0.
1.g5d3de26.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.noarch.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.noarch.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1016.g981d201.lite.src.rpm"},{"binary":["openssl-perl-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_
64.rpm","openssl-devel-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_64.rpm","openssl-crypto-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_64.rpm","openssl-libs-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_64.rpm","openssl-static-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_64.rpm","openssl-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_64.rpm","openssl-debuginfo-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.x86_64.rpm"],"source":"openssl-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite.src.rpm"}]}]}

CVE

References