ALAS-2016-704

Amazon Linux 1 Security Advisory: ALAS-2016-704
Advisory Release Date: 2016-06-02 17:36 Pacific
Advisory Updated Date: 2016-06-03 19:27 Pacific

Severity: Low

References: CVE-2016-4913
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. (CVE-2016-4913)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

i686:
    kernel-4.4.11-23.53.amzn1.i686
    perf-4.4.11-23.53.amzn1.i686
    kernel-tools-devel-4.4.11-23.53.amzn1.i686
    kernel-devel-4.4.11-23.53.amzn1.i686
    kernel-tools-4.4.11-23.53.amzn1.i686
    kernel-tools-debuginfo-4.4.11-23.53.amzn1.i686
    perf-debuginfo-4.4.11-23.53.amzn1.i686
    kernel-headers-4.4.11-23.53.amzn1.i686
    kernel-debuginfo-common-i686-4.4.11-23.53.amzn1.i686
    kernel-debuginfo-4.4.11-23.53.amzn1.i686

noarch:
    kernel-doc-4.4.11-23.53.amzn1.noarch

src:
    kernel-4.4.11-23.53.amzn1.src

x86_64:
    kernel-tools-debuginfo-4.4.11-23.53.amzn1.x86_64
    kernel-tools-4.4.11-23.53.amzn1.x86_64
    kernel-4.4.11-23.53.amzn1.x86_64
    perf-debuginfo-4.4.11-23.53.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.4.11-23.53.amzn1.x86_64
    kernel-headers-4.4.11-23.53.amzn1.x86_64
    perf-4.4.11-23.53.amzn1.x86_64
    kernel-devel-4.4.11-23.53.amzn1.x86_64
    kernel-debuginfo-4.4.11-23.53.amzn1.x86_64
    kernel-tools-devel-4.4.11-23.53.amzn1.x86_64

Additional References

Red Hat: CVE-2016-4913

Mitre: CVE-2016-4913