ALAS-2016-669


Amazon Linux AMI Security Advisory: ALAS-2016-669
Advisory Release Date: 2016-12-23 21:35 Pacific
Severity: Medium

Issue Overview:

When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks. (CVE-2016-3157 )

In some cases, the kernel did not correctly fix backward jumps in a new eBPF program, which could allow arbitrary reads. (CVE-2016-2383 )

The kernel incorrectly accounted for the number of in-flight fds over a unix domain socket to the original opener of the file descriptor. Another process could arbitrarily deplete the original file opener's maximum open files resource limit. (CVE-2016-2550 )

A resource-exhaustion vulnerability was found in the kernel, where an unprivileged process could allocate and accumulate far more file descriptors than the process' limit. A local, unauthenticated user could exploit this flaw by sending file descriptors over a Unix socket and then closing them to keep the process' fd count low, thereby creating kernel-memory or file-descriptors exhaustion (denial of service). (CVE-2016-2847 )


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
i686:
    perf-debuginfo-4.1.19-24.31.amzn1.i686
    kernel-headers-4.1.19-24.31.amzn1.i686
    kernel-devel-4.1.19-24.31.amzn1.i686
    kernel-debuginfo-common-i686-4.1.19-24.31.amzn1.i686
    kernel-tools-devel-4.1.19-24.31.amzn1.i686
    kernel-tools-debuginfo-4.1.19-24.31.amzn1.i686
    kernel-tools-4.1.19-24.31.amzn1.i686
    kernel-4.1.19-24.31.amzn1.i686
    kernel-debuginfo-4.1.19-24.31.amzn1.i686
    perf-4.1.19-24.31.amzn1.i686

noarch:
    kernel-doc-4.1.19-24.31.amzn1.noarch

src:
    kernel-4.1.19-24.31.amzn1.src

x86_64:
    kernel-tools-debuginfo-4.1.19-24.31.amzn1.x86_64
    kernel-tools-devel-4.1.19-24.31.amzn1.x86_64
    kernel-devel-4.1.19-24.31.amzn1.x86_64
    kernel-headers-4.1.19-24.31.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.1.19-24.31.amzn1.x86_64
    kernel-tools-4.1.19-24.31.amzn1.x86_64
    kernel-4.1.19-24.31.amzn1.x86_64
    perf-4.1.19-24.31.amzn1.x86_64
    perf-debuginfo-4.1.19-24.31.amzn1.x86_64
    kernel-debuginfo-4.1.19-24.31.amzn1.x86_64