[QSA-1019211] Linux kernel vulnerabilities

Qlustar Security Advisory 1019211

October 19th, 2021


Summary:

The system could crash or be made to run programs as an administrator.


Package(s)       : linux-image-ql-generic,
                   qlustar-module-core-bionic-amd64-11.0.1,
                   qlustar-module-core-centos7-amd64-11.0.1,
                   qlustar-module-core-centos8-amd64-11.0.1,
                   qlustar-module-core-focal-amd64-12.0.0,
                   qlustar-module-core-centos7-amd64-12.0.0,
                   qlustar-module-core-centos8-amd64-12.0.0
Qlustar releases : 11.0, 12.0
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : Not documented

A number of vulnerabilities and bugs have been discovered in the 5.4.x Linux kernel series since the last Qlustar 12.0 release based on 5.4.143. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.4.143 up to the current Qlustar kernel 5.4.153:

Linux kernel 5.4.153
Linux kernel 5.4.152
Linux kernel 5.4.151
Linux kernel 5.4.150
Linux kernel 5.4.149
Linux kernel 5.4.148
Linux kernel 5.4.147
Linux kernel 5.4.146
Linux kernel 5.4.145
Linux kernel 5.4.144

A number of vulnerabilities and bugs have been discovered in the 4.19.x Linux kernel series since the last Qlustar 11.0 release based on 4.19.205. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 4.19.205 up to the current Qlustar kernel 4.19.211:

Linux kernel 4.19.211
Linux kernel 4.19.210
Linux kernel 4.19.209
Linux kernel 4.19.208
Linux kernel 4.19.207
Linux kernel 4.19.206

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions:

For Qlustar 12.0

linux-image-ql-generic                     5.4.153-ql-generic-12.0-12
qlustar-module-core-focal-amd64-12.0.0     12.0.0.7-b542f1400
qlustar-module-core-centos7-amd64-12.0.0   12.0.0.7-b542f1400
qlustar-module-core-centos8-amd64-12.0.0   12.0.0.7-b542f1400

For Qlustar 11.0

linux-image-ql-generic                     4.19.211-ql-generic-11.0-27
qlustar-module-core-bionic-amd64-11.0.1    11.0.1.11-b543f1399
qlustar-module-core-centos7-amd64-11.0.1   11.0.1.11-b543f1399
qlustar-module-core-centos8-amd64-11.0.1   11.0.1.11-b543f1399

Special Update instructions:

In addition to the steps described in the general Qlustar Update Instructions, these updates require the following:

  • On Qlustar 12: Also write the dnsmasq config with QluMan before rebooting.
  • On Qlustar 11: Also perform the manual steps ‘7. Migration to GRUB PXE booting’ and ‘11. Adjust root bash shell initialization’ as described in the Release Notes if you haven’t done so yet.
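
A check for the running kernel after the reboot, added here as an example and not part of the Qlustar advisory or tooling: it compares a kernel release string against the fixed versions listed above (5.4.153 for Qlustar 12.0, 4.19.211 for Qlustar 11.0). It assumes the string reported by `uname -r` begins with the upstream x.y.z version, as the package versions above do; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a kernel release against the fixed versions
# named in this advisory. Function names are hypothetical.

# Print the fixed version for the series that release $1 belongs to,
# or an empty line if this advisory does not cover that series.
fixed_for_series() {
    case "$1" in
        5.4.*)  echo "5.4.153" ;;
        4.19.*) echo "4.19.211" ;;
        *)      echo "" ;;
    esac
}

# kernel_status RELEASE -> prints "fixed", "vulnerable" or "unknown"
kernel_status() {
    # Keep only the leading numeric x.y.z; a suffix such as "-ql-generic"
    # is dropped (assumption: the release string starts with x.y.z).
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }

    fixed=$(fixed_for_series "$ver")
    [ -n "$fixed" ] || { echo unknown; return; }

    # sort -V (GNU coreutils) compares each component numerically, so
    # 5.4.9 sorts before 5.4.153, which a plain string compare gets wrong.
    lowest=$(printf '%s\n%s\n' "$ver" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Report on the kernel this node is currently running. A node that has
# the new packages installed but has not rebooted still reports the old one.
echo "$(uname -r): $(kernel_status "$(uname -r)")"
```

Run it on each node after the reboot; "unknown" means the running kernel is outside the 5.4.x and 4.19.x series this advisory covers.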