[ALAS-2016-703] Amazon Linux AMI 2014.03 - ALAS-2016-703: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2016-4581:
1333712:
CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt
CVE-2016-4565:
1310570:
CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
CVE-2016-4558:
1334303:
CVE-2016-4558 kernel: bpf: refcnt overflow
CVE-2016-4557:
1334307:
CVE-2016-4557 kernel: Use after free vulnerability via double fdput
CVE-2016-4486:
1333316:
CVE-2016-4486 kernel: Information leak in rtnetlink
CVE-2016-4485:
1333309:
CVE-2016-4485 kernel: Information leak in llc module
CVE-2016-3961:
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
1323956:
CVE-2016-3961 xsa174 xen: hugetlbfs use may crash PV Linux guests (XSA-174)
CVE-2016-0758:
A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.
1300257:
CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
CVE-2015-8839:
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.
1323577:
CVE-2015-8839 kernel: ext4 filesystem page fault race condition with fallocate call.
- ID
- ALAS-2016-703
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2016-703.html
- Published
-
2016-05-18T14:00:00
(8 years ago) - Modified
-
2016-05-18T14:00:00
(8 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
DSA-3607-1
-
ELSA-2016-1033
-
ELSA-2016-1277
-
ELSA-2016-1406
-
ELSA-2016-2574
-
ELSA-2016-3559
-
ELSA-2016-3565
-
ELSA-2016-3570
-
ELSA-2016-3572
-
ELSA-2016-3573
-
ELSA-2016-3579
-
ELSA-2016-3596
-
ELSA-2017-1842
-
ELSA-2017-3514
-
ELSA-2017-3515
-
ELSA-2017-3516
-
FEDORA-2016-06f1572324
-
FEDORA-2016-373c063e79
-
FEDORA-2016-7f37d42add
-
FEDORA-2016-84fdc82b74
-
FEDORA-2016-8a1f49149e
-
FEDORA-2016-8e858f96b8
-
FEDORA-2016-a159c484e4
-
FEDORA-2016-ef973efab7
-
FEDORA-2016-f8739a80b0
-
RHSA-2016:1033
-
RHSA-2016:1051
-
RHSA-2016:1277
-
RHSA-2016:1301
-
RHSA-2016:1406
-
RHSA-2016:2574
-
RHSA-2016:2584
-
RHSA-2017:1842
-
RHSA-2017:2077
-
SUSE-SU-2016:1672-1
-
SUSE-SU-2016:1690-1
-
SUSE-SU-2016:1696-1
-
SUSE-SU-2016:1937-1
-
SUSE-SU-2016:1961-1
-
SUSE-SU-2016:1985-1
-
SUSE-SU-2016:1994-1
-
SUSE-SU-2016:1995-1
-
SUSE-SU-2016:2000-1
-
SUSE-SU-2016:2001-1
-
SUSE-SU-2016:2002-1
-
SUSE-SU-2016:2003-1
-
SUSE-SU-2016:2005-1
-
SUSE-SU-2016:2006-1
-
SUSE-SU-2016:2007-1
-
SUSE-SU-2016:2009-1
-
SUSE-SU-2016:2010-1
-
SUSE-SU-2016:2011-1
-
SUSE-SU-2016:2014-1
-
SUSE-SU-2016:2074-1
-
SUSE-SU-2016:2105-1
-
SUSE-SU-2016:2245-1
-
SUSE-SU-2017:0333-1
-
USN-2965-1
-
USN-2965-2
-
USN-2965-3
-
USN-2965-4
-
USN-2975-1
-
USN-2975-2
-
USN-2976-1
-
USN-2977-1
-
USN-2978-1
-
USN-2978-2
-
USN-2978-3
-
USN-2979-1
-
USN-2979-2
-
USN-2979-3
-
USN-2979-4
-
USN-2989-1
-
USN-2996-1
-
USN-2997-1
-
USN-2998-1
-
USN-3000-1
-
USN-3001-1
-
USN-3002-1
-
USN-3003-1
-
USN-3004-1
-
USN-3005-1
-
USN-3006-1
-
USN-3007-1
-
USN-3018-1
-
USN-3018-2
-
USN-3019-1
-
USN-3021-1
-
USN-3021-2
-
USN-3049-1
-
USN-3050-1
-
USN-3127-1
-
USN-3127-2
-
XSA-174
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2015-8839 |
|
|
| CVE | CVE-2016-0758 |
|
|
| CVE | CVE-2016-3961 |
|
|
| CVE | CVE-2016-4485 |
|
|
| CVE | CVE-2016-4486 |
|
|
| CVE | CVE-2016-4557 |
|
|
| CVE | CVE-2016-4558 |
|
|
| CVE | CVE-2016-4565 |
|
|
| CVE | CVE-2016-4581 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
kernel-doc
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 4.4.10-22.54.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |