NS-SA-2024-0041
2024-08-27 12:03:30
Summary
important: device-mapper-multipath/nss security update
Severity
important
Topic
An update for device-mapper-multipath/nss is now available for NewStart CGSL MAIN 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
device-mapper-multipath:
nss:
Security Fix(es):
device-mapper-multipath: A vulnerability was found in device-mapper-multipath. It allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. (CVE-2022-41974)
device-mapper-multipath: bugfix
nss: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. (CVE-2023-0767)
nss: bugfix
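The ADD-versus-OR mistake described for CVE-2022-41974, as an added example that is not multipathd's code: the keyword names and bit values are hypothetical, and the hardened variant (OR plus rejection of repeated keywords) is one way to close the gap, not necessarily the upstream fix.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical one-bit keyword codes (assumption, not multipathd's values). */
enum { KW_SHOW = 1 << 0, KW_SET = 1 << 1, KW_STATUS = 1 << 2 };

static unsigned kw_code(const char *w)
{
    if (strcmp(w, "show") == 0)   return KW_SHOW;
    if (strcmp(w, "set") == 0)    return KW_SET;
    if (strcmp(w, "status") == 0) return KW_STATUS;
    return 0; /* unknown keyword */
}

/* Flawed combiner: arithmetic ADD. A repeated keyword carries into the
 * next bit, so the result can equal the code of a different keyword. */
unsigned fingerprint_add(const char *const *words, int n)
{
    unsigned fp = 0;
    for (int i = 0; i < n; i++)
        fp += kw_code(words[i]);
    return fp;
}

/* Hardened combiner: bitwise OR, and unknown or repeated keywords are
 * rejected outright. Returns 0 when the command is rejected. */
unsigned fingerprint_or(const char *const *words, int n)
{
    unsigned fp = 0;
    for (int i = 0; i < n; i++) {
        unsigned c = kw_code(words[i]);
        if (c == 0 || (fp & c))
            return 0;
        fp |= c;
    }
    return fp;
}

int main(void)
{
    /* Constructed input: only the read-only keyword, given twice. */
    const char *const repeated[] = { "show", "show" };
    printf("ADD: 0x%x (KW_SET is 0x%x)\n", fingerprint_add(repeated, 2), (unsigned)KW_SET);
    printf("OR : 0x%x (0 means rejected)\n", fingerprint_or(repeated, 2));
    return 0;
}
```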
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F55B12.
Affected Components
- device-mapper-multipath
- nss
Affected Products
Updated Packages
CGSL MAIN 5.04
- device-mapper-multipath-0.4.9-136.el7_9.src.rpm
- device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm
- device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm
- device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm
- libdmmp-0.4.9-136.el7_9.x86_64.rpm
- libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm
- kpartx-0.4.9-136.el7_9.x86_64.rpm
- device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm
- device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm
- nss-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.src.rpm
- nss-pkcs11-devel-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.x86_64.rpm
- nss-devel-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.x86_64.rpm
- nss-debuginfo-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.x86_64.rpm
- nss-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.x86_64.rpm
- nss-sysinit-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.x86_64.rpm
- nss-tools-3.79.0-5.el7_9.cgslv5.0.1.gee551f6.x86_64.rpm
CVE
References