[ALAS2-2019-1145] Amazon Linux 2 2017.12 - ALAS2-2019-1145: medium priority package update for kernel

Severity Medium

Affected Packages 25

CVEs 2

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2018-20169:
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
1660385:
CVE-2018-20169 kernel: Mishandled size checks during the reading of an extra descriptor

CVE-2018-14625:
A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory.
1619846:
CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt

Package	Affected Version
pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2
pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2	< 4.14.88-88.76.amzn2

ID

ALAS2-2019-1145

Severity

medium

URL

https://alas.aws.amazon.com/AL2/ALAS-2019-1145.html

Published

2019-01-07T22:25:00
(5 years ago)

Modified

2019-01-09T01:12:00
(5 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2018-14625		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625
CVE	CVE-2018-20169		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20169

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2	amazonlinux	python-perf	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2	amazonlinux	python-perf	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	python-perf-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	python-perf-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2	amazonlinux	perf	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2	amazonlinux	perf	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	perf-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	perf-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-tools	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-tools	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-tools-devel	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-tools-devel	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-tools-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-tools-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-headers	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2	amazonlinux	kernel-headers	< 4.14.88-88.76.amzn2	amazonlinux-2	i686
Affected	pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-headers	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-devel	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-devel	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo-common-x86_64	< 4.14.88-88.76.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2	amazonlinux	kernel-debuginfo-common-aarch64	< 4.14.88-88.76.amzn2	amazonlinux-2	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date