Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-002
Advisory Release Date: 2020-03-03 02:24 Pacific
Advisory Updated Date: 2020-04-28 18:37 Pacific
Severity:
Important
Issue Overview:
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.(CVE-2019-2009)
Affected Packages:
kernel-livepatch-4.14.165-133.209
Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.165-133.209 to update your system.
New Packages:
src:
kernel-livepatch-4.14.165-133.209-1.0-3.amzn2.src
x86_64:
kernel-livepatch-4.14.165-133.209-1.0-3.amzn2.x86_64
kernel-livepatch-4.14.165-133.209-debuginfo-1.0-3.amzn2.x86_64