Description
ELSA-2024-10384: tuned security update (IMPORTANT)
[2.24.0-2.0.1]
- Fix RPS/XPS and busy polling optimization not getting applied [Orabug: 32153315]
- Fix error in uninstalling tuned [Orabug: 351528377]
- Updated patch with the more recent version [Orabug: 30730976]
- Set AMD CPU freq governor to ondemand when unapplying cpu tunings [Orabug: 30033199]
- Restored the system rules in recommend.conf [Orabug: 29962987]
- Added oci-nic profile and updated profiles-oci-recommend [Orabug: 29869969] for increasing combined channels to 16 on NICs with bnxt_en driver on BM
- Do not access xps_cpus on single queue devices [Orabug: 29894296]
- OL8 does not support System Purpose [Orabug: 29443881] Remove syspurpose_role option in recommend.conf.
- Added profiles-oci-recommend package [Orabug: 29632202]
- Modified the patch for ol8 [Orabug: 29560068] (james.cheng@oracle.com)
- Added iscsi plugin, and
- added oci-rps-xps profile [Orabug: 28397039]
- added oci-busy-polling profile [Orabug: 28748149]
- added oci-cpu-power profile
[2.24.0-2]
- Fixed privileged execution of arbitrary scripts by active local user, (CVE-2024-52336) Resolves: RHEL-66639
- Added sanity checks for API methods parameters, (CVE-2024-52337) Resolves: RHEL-66616
Updated packages
Oracle Linux 9
Oracle Linux aarch64
tuned
2.24.0-2.0.1.el9_5
tuned-profiles-cpu-partitioning
2.24.0-2.0.1.el9_5
tuned-gtk
2.24.0-2.0.1.el9_5
tuned-ppd
2.24.0-2.0.1.el9_5
tuned-profiles-atomic
2.24.0-2.0.1.el9_5
tuned-profiles-mssql
2.24.0-2.0.1.el9_5
tuned-profiles-oracle
2.24.0-2.0.1.el9_5
tuned-profiles-postgresql
2.24.0-2.0.1.el9_5
tuned-profiles-spectrumscale
2.24.0-2.0.1.el9_5
tuned-utils
2.24.0-2.0.1.el9_5
tuned-profiles-oci
2.24.0-2.0.1.el9_5
tuned-profiles-oci-recommend
2.24.0-2.0.1.el9_5
Oracle Linux x86_64
tuned-profiles-oci
2.24.0-2.0.1.el9_5
tuned-profiles-oci-recommend
2.24.0-2.0.1.el9_5
tuned
2.24.0-2.0.1.el9_5
tuned-profiles-cpu-partitioning
2.24.0-2.0.1.el9_5
tuned-gtk
2.24.0-2.0.1.el9_5
tuned-ppd
2.24.0-2.0.1.el9_5
tuned-profiles-atomic
2.24.0-2.0.1.el9_5
tuned-profiles-mssql
2.24.0-2.0.1.el9_5
tuned-profiles-oracle
2.24.0-2.0.1.el9_5
tuned-profiles-postgresql
2.24.0-2.0.1.el9_5
tuned-profiles-spectrumscale
2.24.0-2.0.1.el9_5
tuned-utils
2.24.0-2.0.1.el9_5
Related CVEs
Related vulnerabilities
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user- or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges, which could allow attackers to achieve local privilege escalation.