NS-SA-2024-0012
2024-04-12 10:37:43
Synopsis
important: kernel/ruby security update
Severity
important
Topic
An update for kernel/ruby is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
kernel:
ruby:
Security Fix(es):
kernel: A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service. (CVE-2023-30456)
kernel: bugfix
ruby: A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS). (CVE-2023-28756)
ruby: bugfix
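The kernel item above depends on kvm_intel being loaded with nested=1 and ept=0. The following check is an added example, not part of the vendor advisory: it reads the module's parameters from the standard sysfs directory and reports whether a host is in that configuration. It does not check whether the fixed kernel is installed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify a host against the kvm_intel precondition
# (nested=1 and ept=0) described for CVE-2023-30456.

# Normalise a kernel bool parameter file (Y/N or 1/0) to 1 or 0.
# Fails if the file is unreadable or holds an unexpected value.
read_bool() {
    [ -r "$1" ] || return 1
    case "$(tr -d '[:space:]' < "$1")" in
        Y|y|1) echo 1 ;;
        N|n|0) echo 0 ;;
        *) return 1 ;;
    esac
}

# Prints one of: not-loaded, exposed, not-exposed, unknown.
# $1 (optional) overrides the parameter directory, e.g. for an
# offline copy of /sys collected from another host.
kvm_nvmx_exposure() {
    dir="${1:-/sys/module/kvm_intel/parameters}"
    # No parameter directory means the module is not loaded.
    [ -d "$dir" ] || { echo "not-loaded"; return 0; }
    nested=$(read_bool "$dir/nested") || { echo "unknown"; return 0; }
    ept=$(read_bool "$dir/ept") || { echo "unknown"; return 0; }
    if [ "$nested" = 1 ] && [ "$ept" = 0 ]; then
        echo "exposed"
    else
        echo "not-exposed"
    fi
}

# Report for the local host (or for the directory given as argument).
kvm_nvmx_exposure "$@"
```

A result of "exposed" means only that the configuration named in the advisory is present; the update listed below is still required on all affected products.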
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F52B5.
Affected Components
Affected Products
- CGSL MAIN 5.04
- CGSL CORE 5.04
Updated Packages
CGSL MAIN 5.04
- kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.src.rpm
- kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.noarch.rpm
- kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.noarch.rpm
- perf-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1277.g8566f7b.x86_64.rpm
- ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.src.rpm
- rubygem-rake-0.9.6-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-tcltk-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-psych-2.0.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- ruby-irb-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- rubygem-bigdecimal-1.2.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-io-console-0.4.2-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-rdoc-4.0.0-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- rubygems-devel-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-debuginfo-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-minitest-4.3.2-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-devel-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygems-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- rubygem-json-1.7.7-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- ruby-doc-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-libs-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
CGSL CORE 5.04
- kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.src.rpm
- kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.noarch.rpm
- kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- perf-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.noarch.rpm
- python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1129.gbc67d2e.lite.x86_64.rpm
- ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.src.rpm
- rubygem-rake-0.9.6-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-tcltk-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-psych-2.0.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- ruby-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- ruby-irb-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- rubygem-bigdecimal-1.2.0-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-io-console-0.4.2-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-rdoc-4.0.0-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- rubygems-devel-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-debuginfo-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygem-minitest-4.3.2-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-devel-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- rubygems-2.0.14.1-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- rubygem-json-1.7.7-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
- ruby-doc-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.noarch.rpm
- ruby-libs-2.0.0.648-36.el7.cgslv5_4.0.4.g64a5576.x86_64.rpm
CVE
References