[ALAS-2017-845] Amazon Linux AMI 2014.03 - ALAS-2017-845: critical priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2017-1000371:
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIMIT_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365.
CVE-2017-1000371
CVE-2017-1000364:
CVE-2017-1000364
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp ed over, this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
- ID
- ALAS-2017-845
- Severity
- critical
- URL
- https://alas.aws.amazon.com/ALAS-2017-845.html
- Published
-
2017-06-19T08:58:00
(7 years ago) - Modified
-
2017-06-19T08:58:00
(7 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ASA-201706-28
- ASA-201706-30
- ASA-201706-31
- DSA-3886-1
- DSA-3981-1
- ELSA-2017-1482
- ELSA-2017-1484
- ELSA-2017-1486
- ELSA-2017-3587
- ELSA-2017-3592
- ELSA-2020-1524
- FEDORA-2017-05f10e29f4
- FEDORA-2017-d3ed702fe4
- FEDORA-2017-d7bc1b3056
- RHSA-2017:1484
- RHSA-2017:1486
- RHSA-2017:1616
- RHSA-2020:1524
- SSA:2017-177-01
- SSA:2017-180-01
- SSA:2017-184-01
- SUSE-SU-2017:1613-1
- SUSE-SU-2017:1615-1
- SUSE-SU-2017:1617-1
- SUSE-SU-2017:1618-1
- SUSE-SU-2017:1628-1
- SUSE-SU-2017:1696-1
- SUSE-SU-2017:1704-1
- SUSE-SU-2017:1706-1
- SUSE-SU-2017:1707-1
- SUSE-SU-2017:1735-1
- SUSE-SU-2017:1903-1
- SUSE-SU-2017:1904-1
- SUSE-SU-2017:1905-1
- SUSE-SU-2017:1906-1
- SUSE-SU-2017:1907-1
- SUSE-SU-2017:1908-1
- SUSE-SU-2017:1909-1
- SUSE-SU-2017:1910-1
- SUSE-SU-2017:1911-1
- SUSE-SU-2017:1912-1
- SUSE-SU-2017:1913-1
- SUSE-SU-2017:1914-1
- SUSE-SU-2017:1915-1
- SUSE-SU-2017:1922-1
- SUSE-SU-2017:1923-1
- SUSE-SU-2017:1924-1
- SUSE-SU-2017:1925-1
- SUSE-SU-2017:1937-1
- SUSE-SU-2017:1939-1
- SUSE-SU-2017:1941-1
- SUSE-SU-2017:1942-1
- SUSE-SU-2017:1943-1
- SUSE-SU-2017:1944-1
- SUSE-SU-2017:1945-1
- SUSE-SU-2017:1946-1
- SUSE-SU-2017:1990-1
- SUSE-SU-2017:2342-1
- USN-3324-1
- USN-3325-1
- USN-3326-1
- USN-3327-1
- USN-3328-1
- USN-3329-1
- USN-3330-1
- USN-3331-1
- USN-3332-1
- USN-3333-1
- USN-3334-1
- USN-3335-1
- USN-3335-2
- USN-3338-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2017-1000364 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 | |
CVE | CVE-2017-1000371 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000371 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux | kernel-doc | < 4.9.27-14.33.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.9.27-14.33.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 4.9.27-14.33.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |