kernel-3.10.0-1062.7.1.el7
Errata ID: AXSA:2019-4426:07
Release date:
2019/12/28 Saturday - 04:55
Title:
kernel-3.10.0-1062.7.1.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
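The following issues have been addressed.
[Security Fix]
- The KVM hypervisor's implementation of the Coalesced MMIO write operation has an out-of-bounds access issue, which allows an unprivileged user or process with access to the /dev/kvm device to cause a denial of service (host kernel crash) or escalate privileges. (CVE-2019-14821)
- net/ipv4/tcp_output.c mishandles the write queue between TCP disconnection and re-connection, which allows a local attacker to trigger multiple use-after-free conditions and thereby cause a denial of service (kernel crash) or escalate privileges. (CVE-2019-15239)
The translated text of some CVEs is quoted from JVN.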
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-15239
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.
Additional information:
N/A
Downloads:
SRPMS
- kernel-3.10.0-1062.7.1.el7.src.rpm
MD5: 6561270fe8a0d970c9d4761f89d11ca4
SHA-256: 03eb6684456746807f856d6817864a9696666e3a745d09ed44842d5bd444edd3
Size: 98.71 MB
Asianux Server 7 for x86_64
- bpftool-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: e818f0ffbb119dd51cc2771db125d548
SHA-256: 8b8d1c741623308ac3da273c2cf9650dfcffe77502d7e225defeaea6265cd750
Size: 8.19 MB
- kernel-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: 941d03183996e85aebedf07419a01ea0
SHA-256: cdfbb77463105ddb84b0f6b4b80a71d7e26b6b45d8f1fab74e42ce2773c2923e
Size: 49.76 MB
- kernel-abi-whitelists-3.10.0-1062.7.1.el7.noarch.rpm
MD5: e9561f777fbdd39d1df0666c9cfa132c
SHA-256: 013765f9d20bfc57e17480b80920c5c39c0fcb3a93cead2c3a1daf35264a051d
Size: 7.76 MB
- kernel-debug-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: ba87df9ba3771d0a75d9e0e5ea97adc9
SHA-256: 60390c31999de94f277a8b35a1e7b47849983bf4a0ecc3e1360b11e3c4064da8
Size: 52.04 MB
- kernel-debug-devel-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: 69f1849726e0a1337b825eb4732d018f
SHA-256: fa7b69622484ad4bfd896164cb6d600d1ef2e34e227b320a511286a39fc5fa16
Size: 17.69 MB
- kernel-devel-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: 3d6d89bba03bc4df2562162f479c49b4
SHA-256: b63d856a935c9063e02561ae11981a4b3ef7abebd700867c5051b5dc1965152b
Size: 17.62 MB
- kernel-doc-3.10.0-1062.7.1.el7.noarch.rpm
MD5: edc086987c5e725d6ab222a346d17040
SHA-256: 114df53bc8177d6e23f1c71cbf90fbadb34c523372c636cc14fbd303edd31d6b
Size: 19.18 MB
- kernel-headers-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: b16406526564268a70a89b971bbcf387
SHA-256: 8931b06be46db6d21ba3b98062dcdfa533786fc941814400fefc4a9029733f30
Size: 8.74 MB
- kernel-tools-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: 6226ff2ee02a55c6bc863378f9ba7688
SHA-256: dca389335bb4404c2ca4ce3456003316780a895fdee3faf3d504284342b87bf8
Size: 7.85 MB
- kernel-tools-libs-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: ae83385d7e3b3b7c138d8a0568f3772a
SHA-256: 2b04ff8bc7ea357640330d2c452e7f9d2c20b9cf19ee418b9c2f81e2c7e0079c
Size: 7.75 MB
- perf-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: 6de9c4250d23915cb27b414b437a8d72
SHA-256: 714346ba5d82342777e892fc59285657b5cea846778f99ab9adff86419302218
Size: 9.39 MB
- python-perf-3.10.0-1062.7.1.el7.x86_64.rpm
MD5: 740a62185b07bcf024c6e2c1745f36e0
SHA-256: c956746f2569f18397de59af1d499f4a33d6ad05df8c6dc35074dd3138f8b2f7
Size: 7.85 MB