[ALAS-2013-200] Amazon Linux AMI 2012.09 - ALAS-2013-200: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2013-3235:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-3231:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-3224:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-3222:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2013-1929:
* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges.
CVE-2013-1773:
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
916115:
CVE-2013-1773 kernel: VFAT slab-based buffer overflow
* A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.
CVE-2013-1767:
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
915592:
CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object
* A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges.
CVE-2013-0914:
* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
CVE-2012-6545:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
CVE-2012-6544:
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
- ID: ALAS-2013-200
- Severity: medium
- URL: https://alas.aws.amazon.com/ALAS-2013-200.html
- Published: 2013-06-11T22:45:00
- Modified: 2014-09-15T23:11:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2013-218
- DSA-2669-1
- ELSA-2013-0744
- ELSA-2013-1034
- ELSA-2013-1051
- ELSA-2013-1173
- ELSA-2013-1645
- ELSA-2013-2513
- ELSA-2013-2519
- ELSA-2013-2525
- ELSA-2013-2534
- ELSA-2013-2537
- ELSA-2013-2538
- ELSA-2013-2542
- ELSA-2013-2543
- ELSA-2013-2584
- ELSA-2013-2585
- FEDORA-2013-10695
- FEDORA-2013-12530
- FEDORA-2013-12990
- FEDORA-2013-13536
- FEDORA-2013-15151
- FEDORA-2013-16336
- FEDORA-2013-17010
- FEDORA-2013-17942
- FEDORA-2013-18364
- FEDORA-2013-18822
- FEDORA-2013-20748
- FEDORA-2013-21822
- FEDORA-2013-22695
- FEDORA-2013-3223
- FEDORA-2013-3630
- FEDORA-2013-3893
- FEDORA-2013-3909
- FEDORA-2013-4012
- FEDORA-2013-4240
- FEDORA-2013-4357
- FEDORA-2013-5368
- FEDORA-2013-6041
- FEDORA-2013-6537
- FEDORA-2013-6999
- FEDORA-2013-9123
- RHSA-2013:0744
- RHSA-2013:1051
- RHSA-2013:1173
- RHSA-2013:1645
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- USN-1599-1
- USN-1610-1
- USN-1648-1
- USN-1649-1
- USN-1652-1
- USN-1756-1
- USN-1760-1
- USN-1775-1
- USN-1776-1
- USN-1778-1
- USN-1787-1
- USN-1788-1
- USN-1792-1
- USN-1793-1
- USN-1794-1
- USN-1795-1
- USN-1796-1
- USN-1797-1
- USN-1798-1
- USN-1805-1
- USN-1808-1
- USN-1833-1
- USN-1834-1
- USN-1835-1
- USN-1836-1
- USN-1837-1
- USN-1838-1
- USN-1839-1
- USN-1849-1
- USN-1876-1
- USN-1877-1
- USN-1878-1
- USN-1879-1
- USN-1880-1
- USN-1881-1
- USN-1882-1
- USN-1883-1
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2012-6544 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6544 |
CVE | CVE-2012-6545 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6545 |
CVE | CVE-2013-0914 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914 |
CVE | CVE-2013-1767 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767 |
CVE | CVE-2013-1773 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1773 |
CVE | CVE-2013-1929 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929 |
CVE | CVE-2013-3222 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222 |
CVE | CVE-2013-3224 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224 |
CVE | CVE-2013-3231 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231 |
CVE | CVE-2013-3235 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux | kernel-doc | < 3.4.48-45.46.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 3.4.48-45.46.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 3.4.48-45.46.amzn1 | amazonlinux-1 | i686 | |