[ALAS-2014-368] Amazon Linux AMI 2012.09 - ALAS-2014-368: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2014-4608:
1113899: CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow
** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is not affected; media hype."
CVE-2014-4508:
1111590: CVE-2014-4508 Kernel: x86_32: BUG in syscall auditing
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
CVE-2014-4014:
1107966: CVE-2014-4014 Kernel: possible privilege escalation in user namespace
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
CVE-2014-0206:
1094602: CVE-2014-0206 kernel: aio: insufficient sanitization of head in aio_read_events_ring()
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.
- ID: ALAS-2014-368
- Severity: medium
- URL: https://alas.aws.amazon.com/ALAS-2014-368.html
- Published: 2014-07-09T16:29:00
- Modified: 2014-09-19T10:33:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ELSA-2014-0786
- ELSA-2014-1392
- ELSA-2014-3096
- ELSA-2020-5934
- ELSA-2020-5936
- FEDORA-2014-11008
- FEDORA-2014-11031
- FEDORA-2014-13020
- FEDORA-2014-13045
- FEDORA-2014-13558
- FEDORA-2014-13773
- FEDORA-2014-14068
- FEDORA-2014-15200
- FEDORA-2014-16632
- FEDORA-2014-17244
- FEDORA-2014-17283
- FEDORA-2014-7426
- FEDORA-2014-7430
- FEDORA-2014-7863
- FEDORA-2014-8171
- FEDORA-2014-8487
- FEDORA-2014-8519
- FEDORA-2014-9010
- FEDORA-2014-9142
- FEDORA-2014-9449
- FEDORA-2014-9466
- FEDORA-2014-9959
- FEDORA-2015-0515
- FEDORA-2015-1672
- FEDORA-2015-3594
- FEDORA-2015-5024
- FEDORA-2015-6294
- FEDORA-2015-8518
- FREEBSD:D1F5E12A-FD5A-11E3-A108-080027EF73EC
- RHSA-2014:0786
- RHSA-2014:1392
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- USN-2285-1
- USN-2286-1
- USN-2287-1
- USN-2289-1
- USN-2332-1
- USN-2333-1
- USN-2334-1
- USN-2336-1
- USN-2337-1
- USN-2415-1
- USN-2416-1
- USN-2417-1
- USN-2418-1
- USN-2419-1
- USN-2420-1
- USN-2421-1
Source | ID | URL |
---|---|---|
CVE | CVE-2014-0206 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0206 |
CVE | CVE-2014-4014 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014 |
CVE | CVE-2014-4508 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508 |
CVE | CVE-2014-4608 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux | kernel-doc | < 3.10.48-55.140.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 3.10.48-55.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 3.10.48-55.140.amzn1 | amazonlinux-1 | i686 | |