[ALAS-2014-392] Amazon Linux AMI 2012.09 - ALAS-2014-392: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2014-3153:
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system.
1103626:
CVE-2014-3153 kernel: futex: pi futexes requeue issue
CVE-2014-1739:
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
1109774:
CVE-2014-1739 Kernel: drivers: media: an information leakage
CVE-2014-0196:
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
1094232:
CVE-2014-0196 kernel: pty layer race condition leading to memory corruption
- ID: ALAS-2014-392
- Severity: medium
- URL: https://alas.aws.amazon.com/ALAS-2014-392.html
- Published: 2014-08-21T11:03:00
- Modified: 2014-09-19T11:43:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2014-339
- ALAS-2014-363
- CISA-2022:0525
- CISA-2023:0512
- DSA-2926-1
- DSA-2949-1
- ELSA-2014-0678
- ELSA-2014-0771
- ELSA-2014-0786
- ELSA-2014-1971
- ELSA-2014-3034
- ELSA-2014-3037
- ELSA-2014-3038
- ELSA-2014-3039
- ELSA-2014-3053
- ELSA-2014-3054
- ELSA-2014-3096
- ELSA-2014-3104
- FEDORA-2014-11008
- FEDORA-2014-11031
- FEDORA-2014-13020
- FEDORA-2014-13045
- FEDORA-2014-13558
- FEDORA-2014-13773
- FEDORA-2014-14068
- FEDORA-2014-15200
- FEDORA-2014-16632
- FEDORA-2014-17244
- FEDORA-2014-17283
- FEDORA-2014-6122
- FEDORA-2014-6354
- FEDORA-2014-6357
- FEDORA-2014-7033
- FEDORA-2014-7128
- FEDORA-2014-7320
- FEDORA-2014-7426
- FEDORA-2014-7430
- FEDORA-2014-7863
- FEDORA-2014-8171
- FEDORA-2014-8487
- FEDORA-2014-8519
- FEDORA-2014-9010
- FEDORA-2014-9142
- FEDORA-2014-9449
- FEDORA-2014-9466
- FEDORA-2014-9959
- FEDORA-2015-0515
- FEDORA-2015-1672
- FEDORA-2015-3594
- FEDORA-2015-5024
- FEDORA-2015-6294
- FEDORA-2015-8518
- RHSA-2013:0744
- RHSA-2014:0678
- RHSA-2014:0771
- RHSA-2014:0786
- RHSA-2014:1971
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- USN-2196-1
- USN-2197-1
- USN-2198-1
- USN-2199-1
- USN-2200-1
- USN-2201-1
- USN-2202-1
- USN-2203-1
- USN-2204-1
- USN-2227-1
- USN-2233-1
- USN-2234-1
- USN-2235-1
- USN-2236-1
- USN-2237-1
- USN-2238-1
- USN-2239-1
- USN-2240-1
- USN-2241-1
- USN-2259-1
- USN-2260-1
- USN-2261-1
- USN-2263-1
- USN-2264-1
- USN-2285-1
- USN-2286-1
- USN-2288-1
- USN-2290-1
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2014-0196 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196 |
CVE | CVE-2014-1739 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739 |
CVE | CVE-2014-3153 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux | kernel-doc | < 3.10.53-56.140.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 3.10.53-56.140.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 3.10.53-56.140.amzn1 | amazonlinux-1 | i686 | |