ALAS-2013-166


Amazon Linux AMI Security Advisory: ALAS-2013-166
Advisory Release Date: 2014-09-15 22:38 Pacific
Severity: Medium

Issue Overview:

It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398)

A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The "grep --color xsave /proc/cpuinfo" command can be used to verify if your system has the XSAVE CPU feature.) (CVE-2012-4461)

A memory disclosure flaw was found in the way the load_script() function in the binfmt_script binary format handler handled excessive recursions. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space by executing specially-crafted scripts. (CVE-2012-4530)

A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871)


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system. The fix takes effect only after you reboot the system into the new kernel.
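
The following script is an added example, not part of the advisory: it checks whether a host is already running the fixed kernel from the New Packages list, has it installed but still needs the reboot, or needs the update, and reports the XSAVE flag mentioned for CVE-2012-4461. The function names are hypothetical, and GNU sort -V is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example, not part of the advisory.
FIXED="3.2.39-6.88.amzn1"  # version-release of the fixed kernel in "New Packages"

# Drop a trailing architecture suffix (e.g. ".x86_64") from `uname -r` output.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|i686|noarch)$//'
}

# Succeed if the given kernel release is at or above FIXED.
# Assumption: GNU `sort -V` ordering stands in for RPM's own version comparison.
kernel_is_fixed() {
    rel=$(strip_arch "$1")
    lowest=$(printf '%s\n%s\n' "$FIXED" "$rel" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Classify a host from its running kernel and its newest installed kernel.
host_status() {
    if kernel_is_fixed "$1"; then
        echo "patched"
    elif kernel_is_fixed "$2"; then
        echo "reboot-required"   # fixed kernel installed but not yet booted
    else
        echo "update-required"
    fi
}

# Newest installed kernel package; falls back to the running kernel without RPM.
newest_installed() {
    if command -v rpm >/dev/null 2>&1 && rpm -q kernel >/dev/null 2>&1; then
        rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' | sort -V | tail -n 1
    else
        uname -r
    fi
}

# Succeed if the cpuinfo file lists the xsave flag (whole word, so not xsaveopt).
has_xsave() {
    grep '^flags' "$1" 2>/dev/null | grep -qw xsave
}

echo "ALAS-2013-166 kernel status: $(host_status "$(uname -r)" "$(newest_installed)")"
if has_xsave /proc/cpuinfo; then
    echo "XSAVE: present"
else
    echo "XSAVE: absent (the host condition described for CVE-2012-4461)"
fi
```

A result of reboot-required means yum has installed the fixed package but the host is still running a kernel older than 3.2.39-6.88.amzn1.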

New Packages:
i686:
    kernel-tools-3.2.39-6.88.amzn1.i686
    kernel-debuginfo-3.2.39-6.88.amzn1.i686
    kernel-devel-3.2.39-6.88.amzn1.i686
    kernel-3.2.39-6.88.amzn1.i686
    kernel-headers-3.2.39-6.88.amzn1.i686
    kernel-debuginfo-common-i686-3.2.39-6.88.amzn1.i686
    kernel-tools-debuginfo-3.2.39-6.88.amzn1.i686

noarch:
    kernel-doc-3.2.39-6.88.amzn1.noarch

src:
    kernel-3.2.39-6.88.amzn1.src

x86_64:
    kernel-devel-3.2.39-6.88.amzn1.x86_64
    kernel-tools-3.2.39-6.88.amzn1.x86_64
    kernel-debuginfo-3.2.39-6.88.amzn1.x86_64
    kernel-tools-debuginfo-3.2.39-6.88.amzn1.x86_64
    kernel-debuginfo-common-x86_64-3.2.39-6.88.amzn1.x86_64
    kernel-headers-3.2.39-6.88.amzn1.x86_64
    kernel-3.2.39-6.88.amzn1.x86_64