Security Advisory Details

NS-SA-2024-0012

2024-04-12 10:37:43

Summary

important: kernel/ruby security update

Severity

important

Topic

An update for kernel/ruby is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

kernel:
ruby:


Security Fix(es):
kernel: A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service. (CVE-2023-30456)
kernel: bugfix
ruby: A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS). (CVE-2023-28756)
ruby: bugfix
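
A host-side exposure check for the kvm_intel configuration named in the CVE-2023-30456 entry above (an added example, not part of the NewStart advisory). It assumes the standard sysfs location /sys/module/kvm_intel/parameters; the function names and status strings are made up for this example.

```shell
#!/bin/sh
# Added example: report whether a host runs kvm_intel with the parameter
# combination the advisory names for CVE-2023-30456 (nested=1 and ept=0).
# The sysfs module root is an argument so the check can also be run
# against a collected copy of /sys/module from another host.

# Boolean module parameters read back as Y/N on some kernels and 1/0 on others.
kvm_param_enabled() {
    case "$1" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# Prints exactly one status word:
#   not-loaded   kvm_intel is absent (AMD host, or module not loaded)
#   unknown      module present but nested/ept cannot be read
#   exposed      nested enabled and EPT disabled (the advisory's condition)
#   not-exposed  any other combination
kvm_nvmx_exposure() {
    params="${1:-/sys/module}/kvm_intel/parameters"

    [ -d "${params%/parameters}" ] || { echo "not-loaded"; return 0; }
    [ -r "$params/nested" ] && [ -r "$params/ept" ] || { echo "unknown"; return 0; }

    nested=$(cat "$params/nested")
    ept=$(cat "$params/ept")

    if kvm_param_enabled "$nested" && ! kvm_param_enabled "$ept"; then
        echo "exposed"
    else
        echo "not-exposed"
    fi
}

# Stand-alone use: check the local host, or the sysfs copy given as $1.
kvm_nvmx_exposure "$@"
```

A result of "exposed" means the host meets the precondition stated in the advisory and should be prioritised for the kernel update; "not-exposed" does not replace applying it.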


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F52B5.

Affected Components

  • kernel
  • ruby

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04
  • kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.src.rpm
    • kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.noarch.rpm
    • kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.noarch.rpm
    • perf-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
    • kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
  • ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.src.rpm
    • rubygem-rake-0.9.6-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-tcltk-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-psych-2.0.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • ruby-irb-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • rubygem-bigdecimal-1.2.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-io-console-0.4.2-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-rdoc-4.0.0-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • rubygems-devel-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-debuginfo-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-minitest-4.3.2-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-devel-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygems-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • rubygem-json-1.7.7-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • ruby-doc-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-libs-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
CGSL CORE 5.04
  • kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.src.rpm
    • kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.noarch.rpm
    • kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • perf-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.noarch.rpm
    • python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
    • python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
  • ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.src.rpm
    • rubygem-rake-0.9.6-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-tcltk-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-psych-2.0.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • ruby-irb-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • rubygem-bigdecimal-1.2.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-io-console-0.4.2-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-rdoc-4.0.0-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • rubygems-devel-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-debuginfo-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygem-minitest-4.3.2-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-devel-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • rubygems-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • rubygem-json-1.7.7-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
    • ruby-doc-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
    • ruby-libs-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm

CVE

References

© 2004-2023 广东中兴新支点技术有限公司. All rights reserved (www.gd-linux.com). 粤ICP备15061780号-2