December 6th, 2024
The system could crash or be made to run programs as an administrator.
Package(s) : linux-image-ql-generic,
qlustar-module-core-focal-amd64-12.0.3,
qlustar-module-core-jammy-amd64-13.2,
Qlustar releases : 12.0, 13
Affected versions: All versions prior to this update
Vulnerability : privilege escalation/denial of service
Problem type : local
Qlustar-specific : no
CVE Id(s) : Not documented
A number of vulnerabilities and bugs have been discovered in the 5.15.x Linux kernel series since the last Qlustar 13.0 release based on 5.15.168. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.15.168 up to the current Qlustar kernel 5.15.173:
Linux kernel 5.15.173 Linux kernel 5.15.172 Linux kernel 5.15.171 Linux kernel 5.15.170 Linux kernel 5.15.169
A number of vulnerabilities and bugs have been discovered in the 5.4.x Linux kernel series since the last Qlustar 12.0 release based on 5.4.284. They may lead to a denial of service or privilege escalation. Please check the following web pages that contain details of the fixes in each release after 5.4.284 up to the current Qlustar kernel 5.4.286:
Linux kernel 5.4.286 Linux kernel 5.4.285
The problem can be corrected by updating your system to the following or more recent package versions:
linux-image-ql-generic 5.15.173-ql-generic-13.0-17
qlustar-module-core-jammy-amd64-13.2 13.2.3-b569f1552
linux-image-ql-generic 5.4.286-ql-generic-12.0-37
qlustar-module-core-focal-amd64-12.0.3 12.0.3.9-b566f1551
In addition to the steps described in the general Qlustar Update Instructions these updates require the following:
# openssl x509 -dates -in /etc/ssl/certs/qlustar-ca-cert.pem | grep notAfter
To regenerate the certificate with unlimited validity execute
# qluman-ldap-cli --update-certs
before rebooting the whole cluster.
Please note that we no longer provide 12.x AlmaLinux 8 modules for Qlustar 12. If you want to
use AlmaLinux 8 under Qlustar 12, please switch to the 13.x image modules and create a
corresponding chroot for it.