ALAS-2017-786


Amazon Linux AMI Security Advisory: ALAS-2017-786
Advisory Release Date: 2017-01-19 16:30 Pacific
Severity: Medium
References: CVE-2016-10088 

Issue Overview:

The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 .


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:
i686:
    kernel-tools-4.4.41-36.55.amzn1.i686
    perf-4.4.41-36.55.amzn1.i686
    perf-debuginfo-4.4.41-36.55.amzn1.i686
    kernel-debuginfo-4.4.41-36.55.amzn1.i686
    kernel-tools-debuginfo-4.4.41-36.55.amzn1.i686
    kernel-devel-4.4.41-36.55.amzn1.i686
    kernel-4.4.41-36.55.amzn1.i686
    kernel-tools-devel-4.4.41-36.55.amzn1.i686
    kernel-debuginfo-common-i686-4.4.41-36.55.amzn1.i686
    kernel-headers-4.4.41-36.55.amzn1.i686

noarch:
    kernel-doc-4.4.41-36.55.amzn1.noarch

src:
    kernel-4.4.41-36.55.amzn1.src

x86_64:
    perf-4.4.41-36.55.amzn1.x86_64
    kernel-devel-4.4.41-36.55.amzn1.x86_64
    perf-debuginfo-4.4.41-36.55.amzn1.x86_64
    kernel-tools-4.4.41-36.55.amzn1.x86_64
    kernel-debuginfo-4.4.41-36.55.amzn1.x86_64
    kernel-headers-4.4.41-36.55.amzn1.x86_64
    kernel-tools-debuginfo-4.4.41-36.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.4.41-36.55.amzn1.x86_64
    kernel-4.4.41-36.55.amzn1.x86_64
    kernel-tools-devel-4.4.41-36.55.amzn1.x86_64