Security Advisory Details

NS-SA-2022-0026

2022-05-08 20:17:09

Summary

important: kernel/389-ds-base security update

Severity

important

Topic

An update for kernel/389-ds-base is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

kernel: This package contains the development files for the tools/ directory from the kernel source.
389-ds-base: SNMP Agent for the 389 Directory Server base package.


Security Fix(es):
kernel: A flaw was found in the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system. (CVE-2018-19824)
kernel: A vulnerability was found in the Linux kernel’s core sound driver code. A use-after-free in a race condition between disconnection events could allow a local attacker who can trigger disconnection events (remove or add hardware) to crash the system, corrupt memory, or escalate privileges. (CVE-2019-15214)
kernel: An out-of-bounds flaw was found in the ALSA usb-audio subsystem in the Linux kernel. An array boundary check was needed to restrict the array size; failing this can cause an out-of-bounds access problem. Data confidentiality and integrity, as well as system availability, are all at risk from this vulnerability. (CVE-2019-15927)
kernel: An out-of-bounds write flaw was found in the Linux kernel’s HID drivers. An attacker, able to plug in a malicious USB device, can crash the system or read and write to memory with an incorrect address. (CVE-2019-19532)
kernel: A flaw was found in the Linux kernel’s implementation of the WiFi station handoff code. An attacker within the radio range could use this flaw to prevent a valid device from joining the access point. (CVE-2019-5108)
kernel: A flaw was found in the Linux pinctrl system. It is possible to trigger an out-of-bounds read due to a use-after-free. This could lead to local information disclosure with no additional execution privileges needed. (CVE-2020-0427)
kernel: A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)
kernel: A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25211)
kernel: A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)
kernel: A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)
kernel: A flaw was found in the way the Linux kernel limits ICMP reply packets, which makes it possible to quickly scan for open UDP ports. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. (CVE-2020-25705)
kernel: A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)
kernel: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. (CVE-2021-20265)
kernel: A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. (CVE-2021-27363)
kernel: A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability. (CVE-2021-27364)
kernel: A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-27365)
kernel: A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allows a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3347)
kernel: bugfix
389-ds-base: When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. (CVE-2020-35518)
389-ds-base: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F13B5.

Affected Components

  • kernel
  • 389-ds-base

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Update Packages

CGSL MAIN 5.05, source kernel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.src.rpm:

  • kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • perf-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.noarch.rpm
  • kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-doc-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.noarch.rpm
  • kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm
  • kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d.x86_64.rpm

CGSL MAIN 5.05, source 389-ds-base-1.3.10.2-12.el7_9.src.rpm:

  • 389-ds-base-snmp-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-debuginfo-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-devel-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-tests-1.3.10.2-12.el7_9.noarch.rpm
  • 389-ds-base-libs-1.3.10.2-12.el7_9.x86_64.rpm

CGSL CORE 5.05, source kernel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.src.rpm:

  • perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • python-perf-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • bpftool-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.noarch.rpm
  • kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-core-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-doc-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.noarch.rpm
  • kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • perf-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm
  • kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite.x86_64.rpm

CGSL CORE 5.05, source 389-ds-base-1.3.10.2-12.el7_9.src.rpm:

  • 389-ds-base-snmp-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-debuginfo-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-devel-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-1.3.10.2-12.el7_9.x86_64.rpm
  • 389-ds-base-tests-1.3.10.2-12.el7_9.noarch.rpm
  • 389-ds-base-libs-1.3.10.2-12.el7_9.x86_64.rpm

CVE

References