[ALAS-2019-1281] Amazon Linux AMI 2014.03 - ALAS-2019-1281: medium priority package update for kernel

Severity Medium

Affected Packages 20

CVEs 2

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2019-15902:
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
1752081:
CVE-2019-15902 kernel: backporting error in ptrace_get_debugreg()

CVE-2019-15538:
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
1746777:
CVE-2019-15538 kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c

Package	Affected Version
pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1	< 4.14.143-91.122.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1	< 4.14.143-91.122.amzn1

ID

ALAS-2019-1281

Severity

medium

URL

https://alas.aws.amazon.com/ALAS-2019-1281.html

Published

2019-09-13T22:48:00
(5 years ago)

Modified

2019-09-18T21:28:00
(5 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2019-15538		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15538
CVE	CVE-2019-15902		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15902

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1	amazonlinux	perf	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1	amazonlinux	perf	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	perf-debuginfo	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	perf-debuginfo	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1	amazonlinux	kernel	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-tools	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-tools	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-tools-devel	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-tools-devel	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-tools-debuginfo	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-tools-debuginfo	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-headers	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-headers	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-devel	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-devel	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-debuginfo	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-debuginfo	< 4.14.143-91.122.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1	amazonlinux	kernel-debuginfo-common-x86_64	< 4.14.143-91.122.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1	amazonlinux	kernel-debuginfo-common-i686	< 4.14.143-91.122.amzn1	amazonlinux-1	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date