ALAS-2015-544


Amazon Linux AMI Security Advisory: ALAS-2015-544
Advisory Release Date: 2015-06-16 11:42 Pacific
Severity: Medium
References: CVE-2014-3215 

Issue Overview:

A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.


Affected Packages:

kernel


Issue Correction:
Run yum clean all followed by yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:
i686:
    kernel-tools-debuginfo-3.14.44-32.39.amzn1.i686
    kernel-3.14.44-32.39.amzn1.i686
    perf-debuginfo-3.14.44-32.39.amzn1.i686
    kernel-tools-3.14.44-32.39.amzn1.i686
    kernel-debuginfo-3.14.44-32.39.amzn1.i686
    kernel-headers-3.14.44-32.39.amzn1.i686
    kernel-debuginfo-common-i686-3.14.44-32.39.amzn1.i686
    kernel-tools-devel-3.14.44-32.39.amzn1.i686
    perf-3.14.44-32.39.amzn1.i686
    kernel-devel-3.14.44-32.39.amzn1.i686

noarch:
    kernel-doc-3.14.44-32.39.amzn1.noarch

src:
    kernel-3.14.44-32.39.amzn1.src

x86_64:
    kernel-tools-3.14.44-32.39.amzn1.x86_64
    kernel-debuginfo-3.14.44-32.39.amzn1.x86_64
    kernel-3.14.44-32.39.amzn1.x86_64
    kernel-headers-3.14.44-32.39.amzn1.x86_64
    kernel-debuginfo-common-x86_64-3.14.44-32.39.amzn1.x86_64
    perf-3.14.44-32.39.amzn1.x86_64
    kernel-devel-3.14.44-32.39.amzn1.x86_64
    perf-debuginfo-3.14.44-32.39.amzn1.x86_64
    kernel-tools-debuginfo-3.14.44-32.39.amzn1.x86_64
    kernel-tools-devel-3.14.44-32.39.amzn1.x86_64