February 16th, 2023
The system could crash or be made to run programs as an administrator.
Package(s) : linux-image-ql-generic,
qlustar-module-core-bionic-amd64-11.0.1,
qlustar-module-core-focal-amd64-12.0.2,
qlustar-module-core-centos7-amd64-12.0.2,
qlustar-module-core-jammy-amd64-13.0,
qlustar-module-core-centos8-amd64-13.0
Qlustar releases : 11.0, 12.0, 13
Affected versions: All versions prior to this update
Vulnerability : privilege escalation/denial of service
Problem type : local
Qlustar-specific : no
CVE Id(s) : Not documented
A number of vulnerabilities and bugs have been discovered in the 5.15.x Linux kernel series since the last Qlustar 13.0 release based on 5.15.82. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.15.82 up to the current Qlustar kernel 5.15.93:
Linux kernel 5.15.93 Linux kernel 5.15.92 Linux kernel 5.15.91 Linux kernel 5.15.90 Linux kernel 5.15.89 Linux kernel 5.15.88 Linux kernel 5.15.87 Linux kernel 5.15.86 Linux kernel 5.15.85 Linux kernel 5.15.84 Linux kernel 5.15.83
A number of vulnerabilities and bugs have been discovered in the 5.4.x Linux kernel series since the last Qlustar 12.0 release based on 5.4.226. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.4.226 up to the current Qlustar kernel 5.4.231:
Linux kernel 5.4.231 Linux kernel 5.4.230 Linux kernel 5.4.229 Linux kernel 5.4.228 Linux kernel 5.4.227
A number of vulnerabilities and bugs have been discovered in the 4.19.x Linux kernel series since the last Qlustar 11.0 release based on 4.19.269. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 4.19.269 up to the current Qlustar kernel 4.19.272:
Linux kernel 4.19.272 Linux kernel 4.19.271 Linux kernel 4.19.270
The problem can be corrected by updating your system to the following or more recent package versions:
linux-image-ql-generic 5.15.93-ql-generic-13.0-3
qlustar-module-core-jammy-amd64-13.0 13.0.1-b564f1472
qlustar-module-core-centos8-amd64-13.0 13.0.1-b564f1472
linux-image-ql-generic 5.4.231-ql-generic-12.0-22
qlustar-module-core-focal-amd64-12.0.2 12.0.2.1-b560f1473
qlustar-module-core-centos7-amd64-12.0.2 12.0.2.1-b560f1473
linux-image-ql-generic 4.19.272-ql-generic-11.0-36
qlustar-module-core-bionic-amd64-11.0.1 11.0.1.20-b562f1471
In addition to the steps described in the general Qlustar Update Instructions these updates require the following:
# openssl x509 -dates -in /etc/ssl/certs/qlustar-ca-cert.pem | grep notAfter
To regenerate the certificate with unlimited validity execute
# qluman-ldap-cli --update-certs
before rebooting the whole cluster.
Please note that we no longer provide 12.x AlmaLinux 8 modules for Qlustar 12. If you want to
use AlmaLinux 8 under Qlustar 12, please switch to the 13.x image modules and create a
corresponding chroot for it.