[ALAS-2023-1803] Amazon Linux AMI 2014.03 - ALAS-2023-1803: medium priority package update for kernel
Severity: Medium
Affected Packages: 20
CVEs: 2
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2023-4128:
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
CVE-2023-34319:
A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash.
- ID: ALAS-2023-1803
- Severity: medium
- URL: https://alas.aws.amazon.com/ALAS-2023-1803.html
- Published: 2023-08-17T11:39:00 (13 months ago)
- Modified: 2023-08-23T02:31:00 (13 months ago)
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2023-1827
- ALAS2-2023-2206
- ALAS2-2023-2268
- ALSA-2023:7077
- DSA-5480-1
- DSA-5492-1
- ELSA-2023-6583
- ELSA-2023-7077
- ELSA-2023-7423
- FEDORA-2023-638681260a
- FEDORA-2023-d9509be489
- FEDORA-2023-ddfd3073b3
- FEDORA-2023-ee241dcf80
- MS:CVE-2023-4128
- RHSA-2023:6901
- RHSA-2023:7077
- RHSA-2023:7419
- RHSA-2023:7423
- RHSA-2023:7424
- SSA:2023-325-01
- SUSE-SU-2023:3390-1
- SUSE-SU-2023:3392-1
- SUSE-SU-2023:3599-1
- SUSE-SU-2023:3599-2
- SUSE-SU-2023:3600-1
- SUSE-SU-2023:3600-2
- SUSE-SU-2023:3601-1
- SUSE-SU-2023:3656-1
- SUSE-SU-2023:3680-1
- SUSE-SU-2023:3681-1
- SUSE-SU-2023:3682-1
- SUSE-SU-2023:3683-1
- SUSE-SU-2023:3684-1
- SUSE-SU-2023:3687-1
- SUSE-SU-2023:3704-1
- SUSE-SU-2023:3705-1
- SUSE-SU-2023:3785-1
- SUSE-SU-2023:3964-1
- SUSE-SU-2023:3969-1
- SUSE-SU-2023:3971-1
- SUSE-SU-2023:3988-1
- USN-6343-1
- USN-6383-1
- USN-6385-1
- USN-6386-1
- USN-6386-2
- USN-6386-3
- USN-6387-1
- USN-6387-2
- USN-6388-1
- USN-6396-1
- USN-6396-2
- USN-6396-3
- USN-6439-1
- USN-6439-2
- USN-6440-1
- USN-6440-2
- USN-6440-3
- USN-6441-1
- USN-6441-2
- USN-6441-3
- USN-6442-1
- USN-6444-1
- USN-6444-2
- USN-6445-1
- USN-6445-2
- USN-6446-1
- USN-6446-2
- USN-6446-3
- USN-6466-1
- XSA-432
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2023-34319 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34319 |
CVE | CVE-2023-4128 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4128 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.322-170.535.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 4.14.322-170.535.amzn1 | amazonlinux-1 | i686 | |