[QSA-0427212] Security Update Bundle
Qlustar Security Advisory 0427212
April 27th, 2021
A Qlustar security update bundle is a cumulative update of packages that are taken from
upstream Debian/Ubuntu without modification. Only packages that are used in a typical
HPC/Storage cluster installation are mentioned in Qlustar Security Advisories. Other
non-HPC related updates also enter the Qlustar repository, but their functionality is not
separately verified by the Qlustar team. To track these updates subscribe to the general
security mailing lists of Debian/Ubuntu and/or CentOS.
Package(s) : see upstream description of individual package Qlustar releases : 11.0, 12.0 Affected versions: All versions prior to this update Vulnerability : see upstream description of individual package Problem type : see upstream description of individual package Qlustar-specific : no CVE Id(s) : see upstream description of individual package
This update includes several security related package updates from Debian/Ubuntu and
CentOS. The following list provides references to the upstream security report of the
corresponding packages. You can view the original upstream advisory by clicking on the
Relevant to Qlustar 12.0 and 11.0
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of
XInput extension ChangeFeedbackControl requests. An attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello
messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a
denial of service, or possibly execute arbitrary code.
CentOS 7.9 / 8.3 security updates
Please check the CentOS mailing list for details about CentOS 7/8 updates that entered
this release (everything from Mar 20th, 2021 to Apr 26th, 2021).
The problem can be corrected by updating your system to the following or more recent
package versions (follow the Qlustar Update Instructions and on Qlustar 11 also perform the manual steps '7. Migration to GRUB PXE booting' and '11. Adjust root bash shell initialization' as described in the Release Notes if you haven't done so yet):
For Qlustar 12.0
qlustar-module-core-focal-amd64-12.0.0 22.214.171.124-b536f1363 qlustar-module-core-centos7-amd64-12.0.0 126.96.36.199-b536f1363 qlustar-module-core-centos8-amd64-12.0.0 188.8.131.52-b536f1363
For Qlustar 11.0
qlustar-module-core-bionic-amd64-11.0.1 184.108.40.206-b533f1362 qlustar-module-core-centos7-amd64-11.0.1 220.127.116.11-b533f1362 qlustar-module-core-centos8-amd64-11.0.1 18.104.22.168-b533f1362