NS-SA-2023-0107
2023-07-15 14:19:23
Summary
important: kernel security update
Severity
important
Topic
An update for kernel is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
kernel: This package provides *.ipa-clones files.
Security Fix(es):
kernel: A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS. (CVE-2021-4037)
kernel: A use-after-free flaw was found in the Linux kernel's performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system. (CVE-2022-1729)
kernel: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.E0CP1B1.
Affected Components
Affected Products
Updated Packages
CGSL MAIN 6.02
- kernel-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.src.rpm
- kernel-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-debuginfo-common-x86_64-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- python3-perf-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- bpftool-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-tools-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-debug-debuginfo-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
- perf-4.18.0-193.14.2.el8_2.cgslv6_2.667.2.g8fbbf5ece.x86_64.rpm
CVE
References