Amazon Linux 1 Security Advisory: ALAS-2015-603
Advisory Release Date: 2015-10-27 13:40 Pacific
Advisory Updated Date: 2017-10-13 00:11 Pacific
A race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. (CVE-2015-7613)
Linux kernels built with namespaces support (CONFIG_NAMESPACE) are vulnerable to a potential privilege escalation flaw. It could occur when a process within a container escapes the intended bind mounts to access the full file system. A privileged user inside a container could use this flaw to potentially gain full privileges on a system. (CVE-2015-2925)
A NULL-pointer dereference vulnerability was found in the Linux kernel's TCP stack, in net/netfilter/nf_nat_redirect.c in the nf_nat_redirect_ipv4() function. A remote, unauthenticated user could exploit this flaw to cause a system crash (denial of service). (CVE-2015-8787)
Affected Packages:
kernel
Issue Correction:
Run yum clean all followed by yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.
i686:
kernel-debuginfo-common-i686-4.1.10-17.31.amzn1.i686
kernel-tools-debuginfo-4.1.10-17.31.amzn1.i686
perf-debuginfo-4.1.10-17.31.amzn1.i686
kernel-devel-4.1.10-17.31.amzn1.i686
kernel-4.1.10-17.31.amzn1.i686
kernel-headers-4.1.10-17.31.amzn1.i686
perf-4.1.10-17.31.amzn1.i686
kernel-debuginfo-4.1.10-17.31.amzn1.i686
kernel-tools-4.1.10-17.31.amzn1.i686
kernel-tools-devel-4.1.10-17.31.amzn1.i686
noarch:
kernel-doc-4.1.10-17.31.amzn1.noarch
src:
kernel-4.1.10-17.31.amzn1.src
x86_64:
kernel-tools-devel-4.1.10-17.31.amzn1.x86_64
perf-debuginfo-4.1.10-17.31.amzn1.x86_64
kernel-debuginfo-4.1.10-17.31.amzn1.x86_64
kernel-tools-4.1.10-17.31.amzn1.x86_64
kernel-4.1.10-17.31.amzn1.x86_64
kernel-tools-debuginfo-4.1.10-17.31.amzn1.x86_64
kernel-headers-4.1.10-17.31.amzn1.x86_64
perf-4.1.10-17.31.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.1.10-17.31.amzn1.x86_64
kernel-devel-4.1.10-17.31.amzn1.x86_64
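Because the update only takes effect after a reboot, a host can have the fixed package installed while still running the old kernel. The following check is an added example, not part of the original advisory: it compares the running and installed kernel against the fixed version-release 4.1.10-17.31.amzn1 from the package list above. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): tell apart hosts that are patched,
# hosts that installed the update but have not rebooted, and hosts still unpatched.

FIXED="4.1.10-17.31.amzn1"   # fixed version-release taken from this advisory

# Strip a trailing architecture suffix so "uname -r" and rpm output compare equal.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|i686|noarch)$//'
}

# ver_ge A B: succeed if version-release A >= B.
# Assumption: GNU sort -V stands in for rpm's own comparison, which is
# adequate for the purely numeric, dotted strings used by these packages.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify RUNNING NEWEST_INSTALLED
# Prints: patched | reboot-required | update-required
classify() {
    running=$(strip_arch "$1")
    installed=$(strip_arch "$2")
    if ver_ge "$running" "$FIXED"; then
        echo patched
    elif ver_ge "$installed" "$FIXED"; then
        echo reboot-required      # yum update done, old kernel still in memory
    else
        echo update-required      # fixed kernel package not installed yet
    fi
}

# Live check for an Amazon Linux 1 host: running kernel vs newest installed kernel.
check_host() {
    newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' | sort -V | tail -n 1)
    classify "$(uname -r)" "$newest"
}
```

Source the file and run `check_host` on the instance; a result of `reboot-required` means the vulnerable kernel is still the one executing.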