[ALAS-2017-868] Amazon Linux AMI 2014.03 - ALAS-2017-868: critical priority package update for kernel
Severity
Critical
Affected Packages
21
CVEs
3
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2017-11176:
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact.
1470659:
CVE-2017-11176 kernel: Use-after-free in sys_mq_notify()
CVE-2017-1000112:
Exploitable memory corruption due to UFO to non-UFO path switch
CVE-2017-1000111:
heap out-of-bounds in AF_PACKET sockets
- ID
- ALAS-2017-868
- Severity
- critical
- URL
- https://alas.aws.amazon.com/ALAS-2017-868.html
- Published
-
2017-08-10T16:31:00
(7 years ago) - Modified
-
2017-10-26T23:11:00
(6 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
DSA-3927-1
-
DSA-3945-1
-
DSA-3981-1
-
ELSA-2017-2930
-
ELSA-2017-3200
-
ELSA-2017-3631
-
ELSA-2017-3632
-
ELSA-2017-3633
-
ELSA-2018-0169
-
FEDORA-2017-4336d64e21
-
FEDORA-2017-544eef948f
-
FEDORA-2017-73f71456d7
-
FEDORA-2017-98548b066b
-
FEDORA-2017-deb70b495e
-
FEDORA-2018-4ca01704a2
-
FEDORA-2018-6367a17aa3
-
FEDORA-2018-884a105c04
-
RHSA-2017:2930
-
RHSA-2017:2931
-
RHSA-2017:3200
-
RHSA-2018:0169
-
SUSE-SU-2017:2131-1
-
SUSE-SU-2017:2142-1
-
SUSE-SU-2017:2150-1
-
SUSE-SU-2017:2286-1
-
SUSE-SU-2017:2342-1
-
SUSE-SU-2017:2389-1
-
SUSE-SU-2017:2423-1
-
SUSE-SU-2017:2424-1
-
SUSE-SU-2017:2436-1
-
SUSE-SU-2017:2437-1
-
SUSE-SU-2017:2438-1
-
SUSE-SU-2017:2438-2
-
SUSE-SU-2017:2439-1
-
SUSE-SU-2017:2440-1
-
SUSE-SU-2017:2441-1
-
SUSE-SU-2017:2442-1
-
SUSE-SU-2017:2443-1
-
SUSE-SU-2017:2446-1
-
SUSE-SU-2017:2447-1
-
SUSE-SU-2017:2448-1
-
SUSE-SU-2017:2454-1
-
SUSE-SU-2017:2455-1
-
SUSE-SU-2017:2456-1
-
SUSE-SU-2017:2457-1
-
SUSE-SU-2017:2458-1
-
SUSE-SU-2017:2464-1
-
SUSE-SU-2017:2465-1
-
SUSE-SU-2017:2467-1
-
SUSE-SU-2017:2469-1
-
SUSE-SU-2017:2471-1
-
SUSE-SU-2017:2472-1
-
SUSE-SU-2017:2473-1
-
SUSE-SU-2017:2474-1
-
SUSE-SU-2017:2475-1
-
SUSE-SU-2017:2476-1
-
SUSE-SU-2017:2497-1
-
SUSE-SU-2017:2498-1
-
SUSE-SU-2017:2499-1
-
SUSE-SU-2017:2500-1
-
SUSE-SU-2017:2506-1
-
SUSE-SU-2017:2508-1
-
SUSE-SU-2017:2509-1
-
SUSE-SU-2017:2510-1
-
SUSE-SU-2017:2511-1
-
SUSE-SU-2017:2525-1
-
SUSE-SU-2017:2694-1
-
SUSE-SU-2017:2775-1
-
SUSE-SU-2017:2791-1
-
SUSE-SU-2017:2813-1
-
SUSE-SU-2017:2908-1
-
SUSE-SU-2017:2920-1
-
SUSE-SU-2017:2956-1
-
SUSE-SU-2017:3265-1
-
USN-3384-1
-
USN-3384-2
-
USN-3385-1
-
USN-3385-2
-
USN-3386-1
-
USN-3386-2
-
USN-3405-1
-
USN-3405-2
-
USN-3468-1
-
USN-3468-2
-
USN-3468-3
-
USN-3470-1
-
USN-3470-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2017-1000111 |
|
|
| CVE | CVE-2017-1000112 |
|
|
| CVE | CVE-2017-11176 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-doc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
kernel-doc
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 4.9.38-16.35.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |