[ALAS-2013-200] Amazon Linux AMI 2012.09 - ALAS-2013-200: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2013-3235:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-3231:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-3224:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-3222:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-1929:
* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges.
CVE-2013-1773:
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
916115:
CVE-2013-1773 kernel: VFAT slab-based buffer overflow
* A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.
CVE-2013-1767:
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
915592:
CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object
* A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges.
CVE-2013-0914:
* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
CVE-2012-6545:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2012-6544:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
- ID
- ALAS-2013-200
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2013-200.html
- Published
-
2013-06-11T22:45:00
(11 years ago) - Modified
-
2014-09-15T23:11:00
(10 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2013-218
-
DSA-2669-1
-
ELSA-2013-0744
-
ELSA-2013-1034
-
ELSA-2013-1051
-
ELSA-2013-1173
-
ELSA-2013-1645
-
ELSA-2013-2513
-
ELSA-2013-2519
-
ELSA-2013-2525
-
ELSA-2013-2534
-
ELSA-2013-2537
-
ELSA-2013-2538
-
ELSA-2013-2542
-
ELSA-2013-2543
-
ELSA-2013-2584
-
ELSA-2013-2585
-
FEDORA-2013-10695
-
FEDORA-2013-12530
-
FEDORA-2013-12990
-
FEDORA-2013-13536
-
FEDORA-2013-15151
-
FEDORA-2013-16336
-
FEDORA-2013-17010
-
FEDORA-2013-17942
-
FEDORA-2013-18364
-
FEDORA-2013-18822
-
FEDORA-2013-20748
-
FEDORA-2013-21822
-
FEDORA-2013-22695
-
FEDORA-2013-3223
-
FEDORA-2013-3630
-
FEDORA-2013-3893
-
FEDORA-2013-3909
-
FEDORA-2013-4012
-
FEDORA-2013-4240
-
FEDORA-2013-4357
-
FEDORA-2013-5368
-
FEDORA-2013-6041
-
FEDORA-2013-6537
-
FEDORA-2013-6999
-
FEDORA-2013-9123
-
RHSA-2013:0744
-
RHSA-2013:1051
-
RHSA-2013:1173
-
RHSA-2013:1645
-
SUSE-SU-2015:0481-1
-
SUSE-SU-2015:0581-1
-
SUSE-SU-2015:0652-1
-
SUSE-SU-2015:0736-1
-
SUSE-SU-2015:1174-1
-
SUSE-SU-2015:1376-1
-
USN-1599-1
-
USN-1610-1
-
USN-1648-1
-
USN-1649-1
-
USN-1652-1
-
USN-1756-1
-
USN-1760-1
-
USN-1775-1
-
USN-1776-1
-
USN-1778-1
-
USN-1787-1
-
USN-1788-1
-
USN-1792-1
-
USN-1793-1
-
USN-1794-1
-
USN-1795-1
-
USN-1796-1
-
USN-1797-1
-
USN-1798-1
-
USN-1805-1
-
USN-1808-1
-
USN-1833-1
-
USN-1834-1
-
USN-1835-1
-
USN-1836-1
-
USN-1837-1
-
USN-1838-1
-
USN-1839-1
-
USN-1849-1
-
USN-1876-1
-
USN-1877-1
-
USN-1878-1
-
USN-1879-1
-
USN-1880-1
-
USN-1881-1
-
USN-1882-1
-
USN-1883-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2012-6544 |
|
|
| CVE | CVE-2012-6545 |
|
|
| CVE | CVE-2013-0914 |
|
|
| CVE | CVE-2013-1767 |
|
|
| CVE | CVE-2013-1773 |
|
|
| CVE | CVE-2013-1929 |
|
|
| CVE | CVE-2013-3222 |
|
|
| CVE | CVE-2013-3224 |
|
|
| CVE | CVE-2013-3231 |
|
|
| CVE | CVE-2013-3235 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 kernel
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
kernel-doc
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |