ALAS2LIVEPATCH-2020-003

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-003
Advisory Release Date: 2020-03-03 02:24 Pacific
Advisory Updated Date: 2020-04-28 18:38 Pacific

Severity: Medium

References: CVE-2019-20096
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.(CVE-2019-20096)

Affected Packages:

kernel-livepatch-4.14.165-131.185

Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.165-131.185 to update your system.

New Packages:

src:
    kernel-livepatch-4.14.165-131.185-1.0-3.amzn2.src

x86_64:
    kernel-livepatch-4.14.165-131.185-1.0-3.amzn2.x86_64
    kernel-livepatch-4.14.165-131.185-debuginfo-1.0-3.amzn2.x86_64

Additional References

Red Hat: CVE-2019-20096

Mitre: CVE-2019-20096

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2LIVEPATCH-2020-003

Additional References