ALAS-2014-455

Amazon Linux 1 Security Advisory: ALAS-2014-455
Advisory Release Date: 2014-12-03 22:27 Pacific
Advisory Updated Date: 2014-12-18 14:55 Pacific

Severity: Medium

References: CVE-2014-7841 CVE-2014-7970 CVE-2014-9090 CVE-2014-9322
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. (CVE-2014-7841)

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. (CVE-2014-7970)

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. (CVE-2014-9090)

A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322)

Affected Packages:

kernel

Issue Correction:
Run yum clean all followed by yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:

i686:
    kernel-3.14.26-24.46.amzn1.i686
    kernel-debuginfo-3.14.26-24.46.amzn1.i686
    perf-debuginfo-3.14.26-24.46.amzn1.i686
    kernel-devel-3.14.26-24.46.amzn1.i686
    kernel-tools-devel-3.14.26-24.46.amzn1.i686
    kernel-debuginfo-common-i686-3.14.26-24.46.amzn1.i686
    kernel-tools-3.14.26-24.46.amzn1.i686
    perf-3.14.26-24.46.amzn1.i686
    kernel-headers-3.14.26-24.46.amzn1.i686
    kernel-tools-debuginfo-3.14.26-24.46.amzn1.i686

noarch:
    kernel-doc-3.14.26-24.46.amzn1.noarch

src:
    kernel-3.14.26-24.46.amzn1.src

x86_64:
    kernel-headers-3.14.26-24.46.amzn1.x86_64
    kernel-devel-3.14.26-24.46.amzn1.x86_64
    kernel-tools-debuginfo-3.14.26-24.46.amzn1.x86_64
    kernel-tools-devel-3.14.26-24.46.amzn1.x86_64
    kernel-debuginfo-common-x86_64-3.14.26-24.46.amzn1.x86_64
    kernel-tools-3.14.26-24.46.amzn1.x86_64
    perf-3.14.26-24.46.amzn1.x86_64
    kernel-debuginfo-3.14.26-24.46.amzn1.x86_64
    kernel-3.14.26-24.46.amzn1.x86_64
    perf-debuginfo-3.14.26-24.46.amzn1.x86_64

Additional References

Red Hat: CVE-2014-7841, CVE-2014-7970, CVE-2014-9090, CVE-2014-9322

Mitre: CVE-2014-7841, CVE-2014-7970, CVE-2014-9090, CVE-2014-9322