[ALAS-2013-252] Amazon Linux AMI 2012.09 - ALAS-2013-252: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2013-4470:
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
1023477:
CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO
CVE-2013-4348:
The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.
1007939:
CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()
- ID
- ALAS-2013-252
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2013-252.html
- Published
-
2013-12-02T20:30:00
(10 years ago) - Modified
-
2014-09-16T22:04:00
(10 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ELSA-2013-1801
- ELSA-2013-2587
- ELSA-2013-2588
- ELSA-2013-2589
- ELSA-2014-3046
- ELSA-2014-3049
- FEDORA-2013-20547
- FEDORA-2013-20705
- FEDORA-2013-20748
- FEDORA-2013-21807
- FEDORA-2013-21822
- FEDORA-2013-22669
- FEDORA-2013-22695
- FEDORA-2013-23653
- FEDORA-2014-0684
- FEDORA-2014-1072
- FEDORA-2014-11008
- FEDORA-2014-13020
- FEDORA-2014-14068
- FEDORA-2014-17244
- FEDORA-2014-2606
- FEDORA-2014-2887
- FEDORA-2014-3448
- FEDORA-2014-4360
- FEDORA-2014-4849
- FEDORA-2014-5609
- FEDORA-2014-6354
- FEDORA-2014-7320
- FEDORA-2014-7426
- FEDORA-2014-8487
- FEDORA-2014-9142
- FEDORA-2014-9449
- RHSA-2013:1801
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- USN-2040-1
- USN-2042-1
- USN-2043-1
- USN-2044-1
- USN-2046-1
- USN-2049-1
- USN-2050-1
- USN-2066-1
- USN-2067-1
- USN-2068-1
- USN-2069-1
- USN-2070-1
- USN-2073-1
- USN-2075-1
- USN-2109-1
- USN-2110-1
- USN-2112-1
- USN-2233-1
- USN-2234-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2013-4348 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4348 | |
CVE | CVE-2013-4470 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux | kernel-doc | < 3.4.71-63.98.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 3.4.71-63.98.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 3.4.71-63.98.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |