[QSA-1029221]
Linux kernel vulnerabilities
Qlustar Security Advisory 1029221
October 29th, 2022
Summary:
The system could crash or be made to run programs as an administrator.
Package(s) : linux-image-ql-generic,
qlustar-module-core-bionic-amd64-11.0.1,
qlustar-module-core-focal-amd64-12.0.1,
qlustar-module-core-centos7-amd64-12.0.1,
qlustar-module-core-centos8-amd64-12.0.1
Qlustar releases : 11.0, 12.0
Affected versions: All versions prior to this update
Vulnerability : privilege escalation/denial of service
Problem type : local
Qlustar-specific : no
CVE Id(s) : Not documented
A number of vulnerabilities and bugs have been discovered in the 5.4.x Linux kernel series since the last Qlustar 12.0 release based on 5.4.209. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.4.209 up to the current Qlustar kernel 5.4.220:
Linux kernel 5.4.220 Linux kernel 5.4.219 Linux kernel 5.4.218 Linux kernel 5.4.217 Linux kernel 5.4.216 Linux kernel 5.4.215 Linux kernel 5.4.214 Linux kernel 5.4.213 Linux kernel 5.4.212 Linux kernel 5.4.211 Linux kernel 5.4.210
A number of vulnerabilities and bugs have been discovered in the 4.19.x Linux kernel series since the last Qlustar 11.0 release based on 4.19.254. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 4.19.254 up to the current Qlustar kernel 4.19.262:
Linux kernel 4.19.262 Linux kernel 4.19.261 Linux kernel 4.19.260 Linux kernel 4.19.259 Linux kernel 4.19.258 Linux kernel 4.19.257 Linux kernel 4.19.256 Linux kernel 4.19.255
Update instructions:
The problem can be corrected by updating your system to the following or more recent package versions:
For Qlustar 12.0
linux-image-ql-generic 5.4.220-ql-generic-12.0-20
qlustar-module-core-focal-amd64-12.0.1 12.0.1.1-b548f1445
qlustar-module-core-centos7-amd64-12.0.1 12.0.1.1-b548f1445
qlustar-module-core-centos8-amd64-12.0.1 12.0.1.1-b548f1445
For Qlustar 11.0
linux-image-ql-generic 4.19.262-ql-generic-11.0-34
qlustar-module-core-bionic-amd64-11.0.1 11.0.1.18-b549f1444
Special Update instructions:
In addition to the steps described in the general Qlustar Update Instructions these updates require the following:
- On Qlustar 12, also perform the following manual steps if you haven’t done so yet: Write the
dnsmasq and slurm config with QluMan before rebooting. If your cluster was installed with a
release earlier than 12.0.0.8-b546f1425 you will have to generate new LDAP certificates at
some point since the earlier ones were generated with a 1 year validity. Now they are
generated with an unlimited validity. To check the expiration date execute
# openssl x509 -dates -in /etc/ssl/certs/qlustar-ca-cert.pem | grep notAfterTo regenerate the certificate with unlimited validity execute
# qluman-ldap-cli --update-certsbefore rebooting the whole cluster.
- On Qlustar 11: Also perform the manual steps ‘7. Migration to GRUB PXE booting’ and ‘11. Adjust root bash shell initialization’ as described in the Release Notes if you haven’t done so yet.