Security Advisory Details

NS-SA-2023-0017

2023-04-11 10:31:16

Synopsis

important: kernel/gnome-online-accounts security update

Severity

important

Topic

An update for kernel/gnome-online-accounts is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

kernel: This package contains the perf tool, which enables performance monitoring of the Linux kernel.
gnome-online-accounts: This package provides debug information for package gnome-online-accounts. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
kernel: A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14386)
kernel: A flaw was found in the Linux kernel's KVM implementation, where improper handling of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-22543)
kernel: A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow a local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2021-22555)
kernel: A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399)
kernel: A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)
kernel: A flaw was found in the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-37576)
kernel: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)
kernel: A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. (CVE-2022-0492)
kernel: A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)
kernel: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)
kernel: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
kernel: A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. (CVE-2022-32250)
kernel: A memory leak flaw was found in bnx2x_tpa_stop in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c in the bnx2x sub-component in the Linux Kernel. This flaw may allow a local attacker to cause a denial of service. (CVE-2022-3542)
kernel: A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to disclose sensitive information or crash the system, causing a denial of service. (CVE-2022-3586)
kernel: A vulnerability was found in intr_callback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely. (CVE-2022-3594)
kernel: An information disclosure vulnerability is found in stex_queuecommand_lck() in drivers/scsi/stex.c in the Linux Kernel. This flaw allows a local attacker to disclose sensitive information such as kernel space address. (CVE-2022-40768)
kernel: A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem (DVB API used by Digital TV devices) in how a user physically removed a USB device (such as a DVB demultiplexer device) while running malicious code. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-41218)
kernel: roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)
kernel: An out-of-bounds memory write flaw in the Linux kernel’s USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-43750)
kernel: bugfix
gnome-online-accounts: A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3. (CVE-2019-3820)
gnome-online-accounts: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F15B7.

Affected Components

  • kernel
  • gnome-online-accounts

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05
  • kernel-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.src.rpm
    • kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.noarch.rpm
    • kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-doc-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.noarch.rpm
    • kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • perf-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
    • kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.421.gee22493.x86_64.rpm
  • gnome-online-accounts-3.28.2-1.el7.src.rpm
    • gnome-online-accounts-3.28.2-1.el7.x86_64.rpm
    • gnome-online-accounts-debuginfo-3.28.2-1.el7.x86_64.rpm
    • gnome-online-accounts-devel-3.28.2-1.el7.x86_64.rpm
CGSL CORE 5.05
  • kernel-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.src.rpm
    • kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • perf-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-doc-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.noarch.rpm
    • kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-core-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.noarch.rpm
    • kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • python-perf-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
    • bpftool-3.10.0-957.27.2.el7.cgslv5_5.19.328.g4e62c58.lite.x86_64.rpm
  • gnome-online-accounts-3.28.2-1.el7.src.rpm
    • gnome-online-accounts-3.28.2-1.el7.x86_64.rpm
    • gnome-online-accounts-debuginfo-3.28.2-1.el7.x86_64.rpm
    • gnome-online-accounts-devel-3.28.2-1.el7.x86_64.rpm

CVE

References

© 2004-2023 广东中兴新支点技术有限公司. All rights reserved. (www.gd-linux.com) 粤ICP备15061780号-2