kernel-3.10.0-1127.8.2.el7
Errata ID: AXSA:2020-121:05
Release date:
2020/06/10 Wednesday - 02:29
Title:
kernel-3.10.0-1127.8.2.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- allocate_trace_buffer() in kernel/trace/trace.c contains a vulnerability
that can cause a double free. (CVE-2017-18595)
- __blk_add_trace() in kernel/trace/blktrace.c contains a vulnerability
that can cause a use-after-free (read). (CVE-2019-19768)
- The SELinux subsystem contains a vulnerability that allows a remote
network user to cause a denial of service (system crash) via
ebitmap_netlbl_import(), because a NULL pointer dereference occurs when
the Commercial IP Security Option (CIPSO) protocol's category bitmap is
imported into the SELinux extensible bitmap. (CVE-2020-10711)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2017-18595
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
CVE-2019-19768
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2020-10711
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
Additional information:
N/A
Download:
SRPMS
- kernel-3.10.0-1127.8.2.el7.src.rpm
Size: 99.30 MB
Asianux Server 7 for x86_64
- bpftool-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 8.39 MB
- kernel-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 50.21 MB
- kernel-abi-whitelists-3.10.0-1127.8.2.el7.noarch.rpm
Size: 7.96 MB
- kernel-debug-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 52.49 MB
- kernel-debug-devel-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 17.93 MB
- kernel-devel-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 17.86 MB
- kernel-doc-3.10.0-1127.8.2.el7.noarch.rpm
Size: 19.42 MB
- kernel-headers-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 8.95 MB
- kernel-tools-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 8.04 MB
- kernel-tools-libs-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 7.95 MB
- perf-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 9.59 MB
- python-perf-3.10.0-1127.8.2.el7.x86_64.rpm
Size: 8.04 MB