[ALAS2-2020-1520] Amazon Linux 2 2017.12 - ALAS2-2020-1520: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2020-25645:
A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
1883988: CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
CVE-2020-25643:
A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1879981: CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
CVE-2020-25284:
A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system.
1882594: CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices
CVE-2020-14390:
A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
1876788: CVE-2020-14390 kernel: out-of-bounds write in fbcon_redraw_softback
- ID
- ALAS2-2020-1520
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2020-1520.html
- Published
-
2020-10-22T18:07:00
(3 years ago) - Modified
-
2020-10-22T22:35:00
(3 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2020-1437
-
ALSA-2021:1578
-
DSA-4774-1
-
ELSA-2020-5437
-
ELSA-2020-5866
-
ELSA-2020-5884
-
ELSA-2020-5885
-
ELSA-2020-5912
-
ELSA-2020-5913
-
ELSA-2021-0856
-
ELSA-2021-1578
-
ELSA-2022-9852
-
MS:CVE-2020-14390
-
MS:CVE-2020-25284
-
MS:CVE-2020-25643
-
MS:CVE-2020-25645
-
openSUSE-SU-2020:1586-1
-
openSUSE-SU-2020:1655-1
-
openSUSE-SU-2020:1682-1
-
openSUSE-SU-2020:1698-1
-
openSUSE-SU-2020:2112-1
-
openSUSE-SU-2021:0242-1
-
RHSA-2020:5437
-
RHSA-2020:5441
-
RHSA-2021:0856
-
RHSA-2021:0857
-
RHSA-2021:1578
-
RHSA-2021:1739
-
SSA:2020-295-01
-
SUSE-SU-2020:2879-1
-
SUSE-SU-2020:2904-1
-
SUSE-SU-2020:2905-1
-
SUSE-SU-2020:2906-1
-
SUSE-SU-2020:2907-1
-
SUSE-SU-2020:2908-1
-
SUSE-SU-2020:2972-1
-
SUSE-SU-2020:2980-1
-
SUSE-SU-2020:2981-1
-
SUSE-SU-2020:2999-1
-
SUSE-SU-2020:3014-1
-
SUSE-SU-2020:3230-1
-
SUSE-SU-2020:3281-1
-
SUSE-SU-2020:3389-1
-
SUSE-SU-2020:3400-1
-
SUSE-SU-2020:3402-1
-
SUSE-SU-2020:3433-1
-
SUSE-SU-2020:3441-1
-
SUSE-SU-2020:3449-1
-
SUSE-SU-2020:3484-1
-
SUSE-SU-2020:3491-1
-
SUSE-SU-2020:3501-1
-
SUSE-SU-2020:3503-1
-
SUSE-SU-2020:3532-1
-
SUSE-SU-2020:3544-1
-
SUSE-SU-2020:3648-1
-
SUSE-SU-2020:3656-1
-
SUSE-SU-2021:0835-1
-
SUSE-SU-2021:1074-1
-
SUSE-SU-2021:1148-1
-
USN-4657-1
-
USN-4658-1
-
USN-4660-1
-
USN-4752-1
-
USN-4912-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2020-14390 |
|
|
| CVE | CVE-2020-25284 |
|
|
| CVE | CVE-2020-25643 |
|
|
| CVE | CVE-2020-25645 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
 python-perf
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.200-155.322?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-livepatch-4.14.200-155.322
|
< 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-aarch64
|
< 4.14.200-155.322.amzn2 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |