ALAS2LIVEPATCH-2020-024


Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-024
Advisory Release Date: 2020-06-20 03:37 Pacific
Advisory Updated Date: 2020-06-24 20:28 Pacific
Severity: Important

Issue Overview:

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link and instead sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)


Affected Packages:

kernel-livepatch-4.14.177-139.254


Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.177-139.254 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.177-139.254-1.0-3.amzn2.src

x86_64:
    kernel-livepatch-4.14.177-139.254-1.0-3.amzn2.x86_64
    kernel-livepatch-4.14.177-139.254-debuginfo-1.0-3.amzn2.x86_64
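
An added example, not part of the advisory or of Amazon's tooling: a shell check that classifies a host against the package and version-release listed above. The function names and status strings are assumptions of this example; it also assumes the live patch package applies only to the kernel version embedded in its name, and uses `sort -V` as a simplified stand-in for RPM version comparison.

```shell
#!/bin/sh
# Added example: classify a host against the live patch from this advisory.
# The three values below are copied from the advisory text.
TARGET_KERNEL="4.14.177-139.254"                # kernel the live patch is built for
PATCH_PKG="kernel-livepatch-${TARGET_KERNEL}"   # package named under Affected Packages
FIXED_VR="1.0-3.amzn2"                          # version-release under New Packages

# livepatch_status KERNEL_RELEASE INSTALLED_VR   (hypothetical helper)
#   KERNEL_RELEASE: output of `uname -r`
#   INSTALLED_VR:   VERSION-RELEASE of the installed PATCH_PKG, empty if absent
# Prints one of:
#   not-applicable  running kernel is not TARGET_KERNEL; this package does not
#                   cover it (this says nothing about whether that kernel is affected)
#   missing         TARGET_KERNEL is running but the live patch package is absent
#   outdated        package installed, but older than FIXED_VR
#   fixed           package installed at FIXED_VR or newer
livepatch_status() {
    kernel_release=$1
    installed_vr=$2
    case "$kernel_release" in
        "${TARGET_KERNEL}".*) ;;   # e.g. 4.14.177-139.254.amzn2.x86_64
        *) echo "not-applicable"; return 0 ;;
    esac
    if [ -z "$installed_vr" ]; then
        echo "missing"
        return 0
    fi
    # Version sort of the two strings: if FIXED_VR sorts first (or they are
    # equal), the installed package is at least the fixed build.
    lowest=$(printf '%s\n%s\n' "$installed_vr" "$FIXED_VR" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_VR" ]; then
        echo "fixed"
    else
        echo "outdated"
    fi
}

# check_host: gather the two inputs from the running system (needs rpm).
check_host() {
    # rpm -q exits non-zero when the package is not installed.
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$PATCH_PKG" 2>/dev/null) || vr=""
    livepatch_status "$(uname -r)" "$vr"
}

# Run against the live host only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A result of `missing` or `outdated` is the case the Issue Correction step above addresses.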