Amazon Linux 1 Security Advisory: ALAS-2014-328
Advisory Release Date: 2014-04-22 10:53 Pacific
Advisory Updated Date: 2014-09-18 00:24 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.
i686:
kernel-3.10.37-47.135.amzn1.i686
perf-debuginfo-3.10.37-47.135.amzn1.i686
kernel-debuginfo-3.10.37-47.135.amzn1.i686
perf-3.10.37-47.135.amzn1.i686
kernel-debuginfo-common-i686-3.10.37-47.135.amzn1.i686
kernel-devel-3.10.37-47.135.amzn1.i686
kernel-headers-3.10.37-47.135.amzn1.i686
noarch:
kernel-doc-3.10.37-47.135.amzn1.noarch
src:
kernel-3.10.37-47.135.amzn1.src
x86_64:
perf-debuginfo-3.10.37-47.135.amzn1.x86_64
kernel-debuginfo-common-x86_64-3.10.37-47.135.amzn1.x86_64
kernel-debuginfo-3.10.37-47.135.amzn1.x86_64
kernel-3.10.37-47.135.amzn1.x86_64
kernel-headers-3.10.37-47.135.amzn1.x86_64
perf-3.10.37-47.135.amzn1.x86_64
kernel-devel-3.10.37-47.135.amzn1.x86_64