ALAS2LIVEPATCH-2020-001

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-001
Advisory Release Date: 2020-03-03 02:24 Pacific
Advisory Updated Date: 2020-04-28 18:37 Pacific

Severity: Important

References: CVE-2019-15918
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-1591)

Affected Packages:

kernel-livepatch-4.14.165-131.185

Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.165-131.185 to update your system.

New Packages:

src:
    kernel-livepatch-4.14.165-131.185-1.0-2.amzn2.src

x86_64:
    kernel-livepatch-4.14.165-131.185-1.0-2.amzn2.x86_64
    kernel-livepatch-4.14.165-131.185-debuginfo-1.0-2.amzn2.x86_64

Additional References

Red Hat: CVE-2019-15918

Mitre: CVE-2019-15918

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2LIVEPATCH-2020-001

Additional References