[QSA-0724191] Linux kernel vulnerabilities
Qlustar Security Advisory 0724191
July 24th, 2019
Summary:
The system could crash or be made to run programs as an administrator.
Package(s) : linux-image-ql-generic, qlustar-module-core-xenial-amd64-10.1.1, qlustar-module-core-bionic-amd64-11.0.0, qlustar-module-core-centos7-amd64-11.0.0 Qlustar releases : 10.1, 11.0 Affected versions: All versions prior to this update Vulnerability : privilege escalation/denial of service Problem type : local Qlustar-specific : no CVE Id(s) : Not documented
A number of vulnerabilities and bugs have been discovered in the 4.19.x Linux kernel series since the last Qlustar 11.0 release based on 4.19.53. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 4.19.53 up to the current Qlustar kernel 4.19.60:
Linux kernel 4.19.60 Linux kernel 4.19.59 Linux kernel 4.19.58 Linux kernel 4.19.57 Linux kernel 4.19.56 Linux kernel 4.19.54
A number of vulnerabilities and bugs have been discovered in the 4.14.x Linux kernel series since the last Qlustar 10.1 release based on 4.14.128. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 4.14.128 up to the current Qlustar kernel 4.14.134:
Linux kernel 4.14.134 Linux kernel 4.14.133 Linux kernel 4.14.132 Linux kernel 4.14.131 Linux kernel 4.14.130 Linux kernel 4.14.129
Update instructions:
The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):
For Qlustar 11.0
linux-image-ql-generic 4.19.60-ql-generic-11.0-9 qlustar-module-core-bionic-amd64-11.0.0 11.0.0.2-b514f1260 qlustar-module-core-centos7-amd64-11.0.0 11.0.0.2-b514f1260
For Qlustar 10.1
linux-image-ql-generic 4.14.134-ql-generic-10.1-20 qlustar-module-core-xenial-amd64-10.1.1 10.1.1.6-b509f1261