[ALAS-2017-845] Amazon Linux AMI 2014.03 - ALAS-2017-845: critical priority package update for kernel

Severity Critical

Affected Packages 21

CVEs 2

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2017-1000371:
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIMIT_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365.
CVE-2017-1000371

CVE-2017-1000364:
CVE-2017-1000364
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp ed over, this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Package	Affected Version
pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1	< 4.9.27-14.33.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1	< 4.9.27-14.33.amzn1

ID

ALAS-2017-845

Severity

critical

URL

https://alas.aws.amazon.com/ALAS-2017-845.html

Published

2017-06-19T08:58:00
(7 years ago)

Modified

2017-06-19T08:58:00
(7 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2017-1000364		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
CVE	CVE-2017-1000371		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000371

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1	amazonlinux	perf	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1	amazonlinux	perf	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	perf-debuginfo	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	perf-debuginfo	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1	amazonlinux	kernel	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-tools	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-tools	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-tools-devel	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-tools-devel	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-tools-debuginfo	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-tools-debuginfo	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-headers	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-headers	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1	amazonlinux	kernel-doc	< 4.9.27-14.33.amzn1	amazonlinux-1	noarch
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-devel	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-devel	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-debuginfo	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-debuginfo	< 4.9.27-14.33.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-debuginfo-common-x86_64	< 4.9.27-14.33.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-debuginfo-common-i686	< 4.9.27-14.33.amzn1	amazonlinux-1	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date