Security Advisory Details

NS-SA-2022-0073

2022-05-08 20:54:49

Summary

important: polkit/kernel security update

Severity

important

Topic

An update for polkit/kernel is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

polkit: This package provides debug information for package polkit. Debug information is useful when developing applications that use this package or when debugging this package.
kernel: This package provides debug information for package kernel-tools.


Security Fix(es):
polkit: A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. (CVE-2021-4034)
polkit: bugfix
kernel: A use-after-free flaw was found in the Linux kernel’s cgroupv2 subsystem when rebooting the system. This flaw allows a local user to crash the system or escalate their privileges. The highest threat from this vulnerability is to system availability. (CVE-2020-14356)
kernel: A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14381)
kernel: A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer, causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25211)
kernel: A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)
kernel: A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw allows a local user to gain privileges or cause a DoS through user namespace. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2021-22555)
kernel: A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-23133)
kernel: A use-after-free flaw was found in the Linux kernel's CIPSO network packet labeling protocol functionality, in the way a user opens a local network connection using security labeling, that is, IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. (CVE-2021-33033)
kernel: A use-after-free flaw was found in the Linux kernel's network block device (NBD) subsystem, in the way a user calls the ioctl NBD_SET_SOCK at a certain point during device setup. (CVE-2021-3348)
kernel: An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem, in the way a user calls the ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)
kernel: A flaw was found in the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-37576)
kernel: A flaw was found in the Linux kernel that allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. The highest threat from this vulnerability is to system availability. (CVE-2021-38201)
kernel: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.80CP2B9.

Affected Components

  • polkit
  • kernel

Affected Products

  • CGSL MAIN 6.02

Updated Packages

Product: CGSL MAIN 6.02

Source: polkit-0.115-13.el8_5.1.src.rpm

  • polkit-libs-debuginfo-0.115-13.el8_5.1.x86_64.rpm
  • polkit-0.115-13.el8_5.1.x86_64.rpm
  • polkit-docs-0.115-13.el8_5.1.noarch.rpm
  • polkit-debuginfo-0.115-13.el8_5.1.x86_64.rpm
  • polkit-devel-0.115-13.el8_5.1.x86_64.rpm
  • polkit-libs-0.115-13.el8_5.1.x86_64.rpm

Source: kernel-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.src.rpm

  • kernel-debug-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-doc-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.noarch.rpm
  • bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debug-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-tools-libs-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • perf-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-abi-whitelists-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.noarch.rpm
  • kernel-modules-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-ipaclones-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-selftests-internal-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debug-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • bpftool-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debug-modules-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-sign-keys-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debug-core-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-cross-headers-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debug-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54.x86_64.rpm
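To confirm that a host carries the fixed builds listed above, the installed version and release can be compared with the advisory's values using RPM-style segment ordering. This is an added example, not NewStart's tooling: `rpmvercmp` here is a simplified reimplementation, epochs are assumed equal, and the input lines are assumed to come from `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' polkit kernel`.

```python
import re

# Fixed version/release pairs copied from this advisory's package list.
FIXED = {
    "polkit": ("0.115", "13.el8_5.1"),
    "kernel": ("4.18.0", "193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54"),
}
_TOKEN = re.compile(r"\d+|[A-Za-z]+|~")

def rpmvercmp(a, b):
    """Simplified RPM ordering: -1 if a is older than b, 0 if equal, 1 if newer."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x == y:
                continue
            return -1 if x == "~" else 1      # '~' sorts before everything
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    if len(ta) == len(tb):
        return 0
    a_longer = len(ta) > len(tb)
    rest = ta[len(tb):] if a_longer else tb[len(ta):]
    if rest[0] == "~":                        # trailing '~' marks a pre-release
        return -1 if a_longer else 1
    return 1 if a_longer else -1

def audit(rpm_lines):
    """Turn 'name version release' lines into (name, version-release, status) rows."""
    report = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue                          # e.g. "package X is not installed"
        name, version, release = parts
        fv, fr = FIXED[name]
        older = (rpmvercmp(version, fv) or rpmvercmp(release, fr)) < 0
        report.append((name, f"{version}-{release}", "needs update" if older else "patched"))
    return report

# Constructed sample input (not taken from a real host).
SAMPLE = [
    "polkit 0.115 11.el8",
    "kernel 4.18.0 193.el8",
    "kernel 4.18.0 193.14.2.el8_2.cgslv6_2.419.27.g8dd645d54",
]
```

A patched kernel package only takes effect after a reboot, so also compare the output of `uname -r` with the fixed kernel release.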

CVE

References