[ALAS-2016-648] Amazon Linux AMI 2014.03 - ALAS-2016-648: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-0723:
1296253:
CVE-2016-0723 kernel: Kernel memory disclosure and crash in tty layer
CVE-2015-8767:
1297389:
CVE-2015-8767 kernel: SCTP denial of service during timeout
CVE-2015-8709:
A privilege-escalation vulnerability was discovered in the Linux kernel built with User Namespace (CONFIG_USER_NS) support. The flaw occurred when the ptrace() system call was used on a root-owned process to enter a user namespace. A privileged namespace user could exploit this flaw to potentially escalate their privileges on the system, outside the original namespace.
1295287:
CVE-2015-8709 Kernel: ptrace: potential privilege escalation in user namespaces
CVE-2013-4312:
1297813:
CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted
- ID
- ALAS-2016-648
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2016-648.html
- Published
-
2016-02-09T13:30:00
(8 years ago) - Modified
-
2016-02-09T13:30:00
(8 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- DSA-3448-1
- DSA-3503-1
- ELSA-2016-0715
- ELSA-2016-0855
- ELSA-2016-1277
- ELSA-2016-2574
- ELSA-2016-3551
- ELSA-2016-3552
- ELSA-2016-3553
- ELSA-2016-3554
- ELSA-2016-3559
- ELSA-2016-3565
- ELSA-2016-3566
- ELSA-2016-3567
- ELSA-2016-3596
- FEDORA-2016-2f25d12c51
- FEDORA-2016-5d43766e33
- FEDORA-2016-6ce812a1e0
- RHSA-2016:0715
- RHSA-2016:0855
- RHSA-2016:1277
- RHSA-2016:1301
- RHSA-2016:2574
- RHSA-2016:2584
- SUSE-SU-2016:0585-1
- SUSE-SU-2016:0785-1
- SUSE-SU-2016:0911-1
- SUSE-SU-2016:1019-1
- SUSE-SU-2016:1031-1
- SUSE-SU-2016:1032-1
- SUSE-SU-2016:1033-1
- SUSE-SU-2016:1034-1
- SUSE-SU-2016:1035-1
- SUSE-SU-2016:1037-1
- SUSE-SU-2016:1038-1
- SUSE-SU-2016:1039-1
- SUSE-SU-2016:1040-1
- SUSE-SU-2016:1041-1
- SUSE-SU-2016:1045-1
- SUSE-SU-2016:1046-1
- SUSE-SU-2016:1102-1
- SUSE-SU-2016:1203-1
- SUSE-SU-2016:1764-1
- SUSE-SU-2016:2074-1
- SUSE-SU-2016:2245-1
- SUSE-SU-2016:2976-1
- SUSE-SU-2016:3069-1
- SUSE-SU-2017:0333-1
- SUSE-SU-2017:0575-1
- USN-2847-1
- USN-2848-1
- USN-2849-1
- USN-2850-1
- USN-2851-1
- USN-2852-1
- USN-2853-1
- USN-2854-1
- USN-2908-1
- USN-2908-2
- USN-2908-3
- USN-2929-1
- USN-2929-2
- USN-2930-1
- USN-2930-2
- USN-2930-3
- USN-2931-1
- USN-2932-1
- USN-2948-1
- USN-2967-1
- USN-2967-2
- USN-3083-1
- USN-3083-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2013-4312 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312 | |
CVE | CVE-2015-8709 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8709 | |
CVE | CVE-2015-8767 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767 | |
CVE | CVE-2016-0723 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0723 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux | kernel-doc | < 4.1.17-22.30.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.1.17-22.30.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 4.1.17-22.30.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |