ALAS-2016-704


Amazon Linux AMI Security Advisory: ALAS-2016-704
Advisory Release Date: 2016-06-03 19:27 Pacific
Severity: Low
References: CVE-2016-4913 

Issue Overview:

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. (CVE-2016-4913 )


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
i686:
    kernel-4.4.11-23.53.amzn1.i686
    perf-4.4.11-23.53.amzn1.i686
    kernel-tools-devel-4.4.11-23.53.amzn1.i686
    kernel-devel-4.4.11-23.53.amzn1.i686
    kernel-tools-4.4.11-23.53.amzn1.i686
    kernel-tools-debuginfo-4.4.11-23.53.amzn1.i686
    perf-debuginfo-4.4.11-23.53.amzn1.i686
    kernel-headers-4.4.11-23.53.amzn1.i686
    kernel-debuginfo-common-i686-4.4.11-23.53.amzn1.i686
    kernel-debuginfo-4.4.11-23.53.amzn1.i686

noarch:
    kernel-doc-4.4.11-23.53.amzn1.noarch

src:
    kernel-4.4.11-23.53.amzn1.src

x86_64:
    kernel-tools-debuginfo-4.4.11-23.53.amzn1.x86_64
    kernel-tools-4.4.11-23.53.amzn1.x86_64
    kernel-4.4.11-23.53.amzn1.x86_64
    perf-debuginfo-4.4.11-23.53.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.4.11-23.53.amzn1.x86_64
    kernel-headers-4.4.11-23.53.amzn1.x86_64
    perf-4.4.11-23.53.amzn1.x86_64
    kernel-devel-4.4.11-23.53.amzn1.x86_64
    kernel-debuginfo-4.4.11-23.53.amzn1.x86_64
    kernel-tools-devel-4.4.11-23.53.amzn1.x86_64