[ALAS-2016-648] Amazon Linux AMI 2014.03 - ALAS-2016-648: medium priority package update for kernel
Severity
Medium
Affected Packages
21
CVEs
4
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-0723:
1296253:
CVE-2016-0723 kernel: Kernel memory disclosure and crash in tty layer
CVE-2015-8767:
1297389:
CVE-2015-8767 kernel: SCTP denial of service during timeout
CVE-2015-8709:
A privilege-escalation vulnerability was discovered in the Linux kernel built with User Namespace (CONFIG_USER_NS) support. The flaw occurred when the ptrace() system call was used on a root-owned process to enter a user namespace. A privileged namespace user could exploit this flaw to potentially escalate their privileges on the system, outside the original namespace.
1295287:
CVE-2015-8709 Kernel: ptrace: potential privilege escalation in user namespaces
CVE-2013-4312:
1297813:
CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted
- ID
- ALAS-2016-648
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2016-648.html
- Published
-
2016-02-09T13:30:00
(8 years ago) - Modified
-
2016-02-09T13:30:00
(8 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
DSA-3448-1
-
DSA-3503-1
-
ELSA-2016-0715
-
ELSA-2016-0855
-
ELSA-2016-1277
-
ELSA-2016-2574
-
ELSA-2016-3551
-
ELSA-2016-3552
-
ELSA-2016-3553
-
ELSA-2016-3554
-
ELSA-2016-3559
-
ELSA-2016-3565
-
ELSA-2016-3566
-
ELSA-2016-3567
-
ELSA-2016-3596
-
FEDORA-2016-2f25d12c51
-
FEDORA-2016-5d43766e33
-
FEDORA-2016-6ce812a1e0
-
RHSA-2016:0715
-
RHSA-2016:0855
-
RHSA-2016:1277
-
RHSA-2016:1301
-
RHSA-2016:2574
-
RHSA-2016:2584
-
SUSE-SU-2016:0585-1
-
SUSE-SU-2016:0785-1
-
SUSE-SU-2016:0911-1
-
SUSE-SU-2016:1019-1
-
SUSE-SU-2016:1031-1
-
SUSE-SU-2016:1032-1
-
SUSE-SU-2016:1033-1
-
SUSE-SU-2016:1034-1
-
SUSE-SU-2016:1035-1
-
SUSE-SU-2016:1037-1
-
SUSE-SU-2016:1038-1
-
SUSE-SU-2016:1039-1
-
SUSE-SU-2016:1040-1
-
SUSE-SU-2016:1041-1
-
SUSE-SU-2016:1045-1
-
SUSE-SU-2016:1046-1
-
SUSE-SU-2016:1102-1
-
SUSE-SU-2016:1203-1
-
SUSE-SU-2016:1764-1
-
SUSE-SU-2016:2074-1
-
SUSE-SU-2016:2245-1
-
SUSE-SU-2016:2976-1
-
SUSE-SU-2016:3069-1
-
SUSE-SU-2017:0333-1
-
SUSE-SU-2017:0575-1
-
USN-2847-1
-
USN-2848-1
-
USN-2849-1
-
USN-2850-1
-
USN-2851-1
-
USN-2852-1
-
USN-2853-1
-
USN-2854-1
-
USN-2908-1
-
USN-2908-2
-
USN-2908-3
-
USN-2929-1
-
USN-2929-2
-
USN-2930-1
-
USN-2930-2
-
USN-2930-3
-
USN-2931-1
-
USN-2932-1
-
USN-2948-1
-
USN-2967-1
-
USN-2967-2
-
USN-3083-1
-
USN-3083-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2013-4312 |
|
|
| CVE | CVE-2015-8709 |
|
|
| CVE | CVE-2015-8767 |
|
|
| CVE | CVE-2016-0723 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
kernel-doc
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |