[ALAS-2019-1280] Amazon Linux AMI 2014.03 - ALAS-2019-1280: medium priority package update for kernel
Severity
Medium
Affected Packages
20
CVEs
2
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2018-9363:
A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service.
1623067:
CVE-2018-9363 kernel: Buffer overflow in hidp_process_report
CVE-2018-15594:
It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.
1620555:
CVE-2018-15594 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
- ID
- ALAS-2019-1280
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2019-1280.html
- Published
-
2019-09-13T22:45:00
(5 years ago) - Modified
-
2019-09-18T21:27:00
(5 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS2-2019-1280
-
ALAS2-2019-1281
-
DSA-4308-1
-
ELSA-2018-4208
-
ELSA-2019-2029
-
ELSA-2019-4315
-
RHSA-2019:2029
-
RHSA-2019:2043
-
SUSE-SU-2018:2538-1
-
SUSE-SU-2018:2539-1
-
SUSE-SU-2018:2596-1
-
SUSE-SU-2018:2775-1
-
SUSE-SU-2018:2776-1
-
SUSE-SU-2018:2858-1
-
SUSE-SU-2018:2879-1
-
SUSE-SU-2018:3084-1
-
SUSE-SU-2018:3088-1
-
SUSE-SU-2018:3961-1
-
SUSE-SU-2019:1245-1
-
USN-3775-1
-
USN-3775-2
-
USN-3776-1
-
USN-3776-2
-
USN-3777-1
-
USN-3777-2
-
USN-3777-3
-
USN-3797-1
-
USN-3797-2
-
USN-3820-1
-
USN-3820-2
-
USN-3820-3
-
USN-3822-1
-
USN-3822-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2018-15594 |
|
|
| CVE | CVE-2018-9363 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |