[ALAS-2019-1280] Amazon Linux AMI 2014.03 - ALAS-2019-1280: medium priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2018-9363:
A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service.
1623067:
CVE-2018-9363 kernel: Buffer overflow in hidp_process_report
CVE-2018-15594:
It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.
1620555:
CVE-2018-15594 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
- ID
- ALAS-2019-1280
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2019-1280.html
- Published
-
2019-09-13T22:45:00
(5 years ago) - Modified
-
2019-09-18T21:27:00
(5 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS2-2019-1280
- ALAS2-2019-1281
- DSA-4308-1
- ELSA-2018-4208
- ELSA-2019-2029
- ELSA-2019-4315
- RHSA-2019:2029
- RHSA-2019:2043
- SUSE-SU-2018:2538-1
- SUSE-SU-2018:2539-1
- SUSE-SU-2018:2596-1
- SUSE-SU-2018:2775-1
- SUSE-SU-2018:2776-1
- SUSE-SU-2018:2858-1
- SUSE-SU-2018:2879-1
- SUSE-SU-2018:3084-1
- SUSE-SU-2018:3088-1
- SUSE-SU-2018:3961-1
- SUSE-SU-2019:1245-1
- USN-3775-1
- USN-3775-2
- USN-3776-1
- USN-3776-2
- USN-3777-1
- USN-3777-2
- USN-3777-3
- USN-3797-1
- USN-3797-2
- USN-3820-1
- USN-3820-2
- USN-3820-3
- USN-3822-1
- USN-3822-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2018-15594 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15594 | |
CVE | CVE-2018-9363 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9363 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.67-66.56.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 4.14.67-66.56.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |