Description
ELSA-2019-2411: kernel security update (IMPORTANT)
[4.18.0-80.7.2_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
[4.18.0-80.7.2_0]
- [x86] x86/entry/64: Use JMP instead of JMPQ (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/cpufeatures: Carve out CQM features retrieval (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [kernel] ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (Aristeu Rozanski) [1730958 1730959] {CVE-2019-13272}
Updated packages
Oracle Linux 8
Oracle Linux aarch64:
kernel-tools-libs-devel 4.18.0-80.7.2.el8_0
Oracle Linux x86_64:
bpftool 4.18.0-80.7.2.el8_0
kernel 4.18.0-80.7.2.el8_0
kernel-abi-whitelists 4.18.0-80.7.2.el8_0
kernel-core 4.18.0-80.7.2.el8_0
kernel-cross-headers 4.18.0-80.7.2.el8_0
kernel-debug 4.18.0-80.7.2.el8_0
kernel-debug-core 4.18.0-80.7.2.el8_0
kernel-debug-devel 4.18.0-80.7.2.el8_0
kernel-debug-modules 4.18.0-80.7.2.el8_0
kernel-debug-modules-extra 4.18.0-80.7.2.el8_0
kernel-devel 4.18.0-80.7.2.el8_0
kernel-doc 4.18.0-80.7.2.el8_0
kernel-headers 4.18.0-80.7.2.el8_0
kernel-modules 4.18.0-80.7.2.el8_0
kernel-modules-extra 4.18.0-80.7.2.el8_0
kernel-tools 4.18.0-80.7.2.el8_0
kernel-tools-libs 4.18.0-80.7.2.el8_0
kernel-tools-libs-devel 4.18.0-80.7.2.el8_0
perf 4.18.0-80.7.2.el8_0
python3-perf 4.18.0-80.7.2.el8_0
Related CVEs
Related vulnerabilities
ELSA-2019-4746: Unbreakable Enterprise kernel security update (IMPORTANT)
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.