[ALAS-2013-252] Amazon Linux AMI 2012.09 - ALAS-2013-252: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2013-4470:
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
1023477:
CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO
CVE-2013-4348:
The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.
1007939:
CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()
- ID
- ALAS-2013-252
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2013-252.html
- Published
-
2013-12-02T20:30:00
(10 years ago) - Modified
-
2014-09-16T22:04:00
(10 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ELSA-2013-1801
-
ELSA-2013-2587
-
ELSA-2013-2588
-
ELSA-2013-2589
-
ELSA-2014-3046
-
ELSA-2014-3049
-
FEDORA-2013-20547
-
FEDORA-2013-20705
-
FEDORA-2013-20748
-
FEDORA-2013-21807
-
FEDORA-2013-21822
-
FEDORA-2013-22669
-
FEDORA-2013-22695
-
FEDORA-2013-23653
-
FEDORA-2014-0684
-
FEDORA-2014-1072
-
FEDORA-2014-11008
-
FEDORA-2014-13020
-
FEDORA-2014-14068
-
FEDORA-2014-17244
-
FEDORA-2014-2606
-
FEDORA-2014-2887
-
FEDORA-2014-3448
-
FEDORA-2014-4360
-
FEDORA-2014-4849
-
FEDORA-2014-5609
-
FEDORA-2014-6354
-
FEDORA-2014-7320
-
FEDORA-2014-7426
-
FEDORA-2014-8487
-
FEDORA-2014-9142
-
FEDORA-2014-9449
-
RHSA-2013:1801
-
SUSE-SU-2015:0481-1
-
SUSE-SU-2015:0581-1
-
SUSE-SU-2015:0652-1
-
SUSE-SU-2015:0736-1
-
SUSE-SU-2015:1174-1
-
SUSE-SU-2015:1376-1
-
USN-2040-1
-
USN-2042-1
-
USN-2043-1
-
USN-2044-1
-
USN-2046-1
-
USN-2049-1
-
USN-2050-1
-
USN-2066-1
-
USN-2067-1
-
USN-2068-1
-
USN-2069-1
-
USN-2070-1
-
USN-2073-1
-
USN-2075-1
-
USN-2109-1
-
USN-2110-1
-
USN-2112-1
-
USN-2233-1
-
USN-2234-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2013-4348 |
|
|
| CVE | CVE-2013-4470 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 kernel
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
kernel-doc
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |