[ALAS-2014-392] Amazon Linux AMI 2012.09 - ALAS-2014-392: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2014-3153:
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system.
1103626:
CVE-2014-3153 kernel: futex: pi futexes requeue issue
CVE-2014-1739:
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
1109774:
CVE-2014-1739 Kernel: drivers: media: an information leakage
CVE-2014-0196:
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
1094232:
CVE-2014-0196 kernel: pty layer race condition leading to memory corruption
- ID
- ALAS-2014-392
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2014-392.html
- Published
-
2014-08-21T11:03:00
(10 years ago) - Modified
-
2014-09-19T11:43:00
(10 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2014-339
-
ALAS-2014-363
-
CISA-2022:0525
-
CISA-2023:0512
-
DSA-2926-1
-
DSA-2949-1
-
ELSA-2014-0678
-
ELSA-2014-0771
-
ELSA-2014-0786
-
ELSA-2014-1971
-
ELSA-2014-3034
-
ELSA-2014-3037
-
ELSA-2014-3038
-
ELSA-2014-3039
-
ELSA-2014-3053
-
ELSA-2014-3054
-
ELSA-2014-3096
-
ELSA-2014-3104
-
FEDORA-2014-11008
-
FEDORA-2014-11031
-
FEDORA-2014-13020
-
FEDORA-2014-13045
-
FEDORA-2014-13558
-
FEDORA-2014-13773
-
FEDORA-2014-14068
-
FEDORA-2014-15200
-
FEDORA-2014-16632
-
FEDORA-2014-17244
-
FEDORA-2014-17283
-
FEDORA-2014-6122
-
FEDORA-2014-6354
-
FEDORA-2014-6357
-
FEDORA-2014-7033
-
FEDORA-2014-7128
-
FEDORA-2014-7320
-
FEDORA-2014-7426
-
FEDORA-2014-7430
-
FEDORA-2014-7863
-
FEDORA-2014-8171
-
FEDORA-2014-8487
-
FEDORA-2014-8519
-
FEDORA-2014-9010
-
FEDORA-2014-9142
-
FEDORA-2014-9449
-
FEDORA-2014-9466
-
FEDORA-2014-9959
-
FEDORA-2015-0515
-
FEDORA-2015-1672
-
FEDORA-2015-3594
-
FEDORA-2015-5024
-
FEDORA-2015-6294
-
FEDORA-2015-8518
-
RHSA-2013:0744
-
RHSA-2014:0678
-
RHSA-2014:0771
-
RHSA-2014:0786
-
RHSA-2014:1971
-
SUSE-SU-2015:0481-1
-
SUSE-SU-2015:0581-1
-
SUSE-SU-2015:0652-1
-
SUSE-SU-2015:0736-1
-
SUSE-SU-2015:1174-1
-
SUSE-SU-2015:1376-1
-
USN-2196-1
-
USN-2197-1
-
USN-2198-1
-
USN-2199-1
-
USN-2200-1
-
USN-2201-1
-
USN-2202-1
-
USN-2203-1
-
USN-2204-1
-
USN-2227-1
-
USN-2233-1
-
USN-2234-1
-
USN-2235-1
-
USN-2236-1
-
USN-2237-1
-
USN-2238-1
-
USN-2239-1
-
USN-2240-1
-
USN-2241-1
-
USN-2259-1
-
USN-2260-1
-
USN-2261-1
-
USN-2263-1
-
USN-2264-1
-
USN-2285-1
-
USN-2286-1
-
USN-2288-1
-
USN-2290-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2014-0196 |
|
|
| CVE | CVE-2014-1739 |
|
|
| CVE | CVE-2014-3153 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
kernel-doc
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |