ALAS-2019-1232


Amazon Linux AMI Security Advisory: ALAS-2019-1232
Advisory Release Date: 2019-09-18 21:19 Pacific
Severity: Important

Issue Overview:

An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900 )

A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.(CVE-2019-11599 )


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
i686:
    perf-4.14.133-88.105.amzn1.i686
    kernel-debuginfo-4.14.133-88.105.amzn1.i686
    kernel-tools-debuginfo-4.14.133-88.105.amzn1.i686
    kernel-tools-4.14.133-88.105.amzn1.i686
    perf-debuginfo-4.14.133-88.105.amzn1.i686
    kernel-headers-4.14.133-88.105.amzn1.i686
    kernel-debuginfo-common-i686-4.14.133-88.105.amzn1.i686
    kernel-4.14.133-88.105.amzn1.i686
    kernel-devel-4.14.133-88.105.amzn1.i686
    kernel-tools-devel-4.14.133-88.105.amzn1.i686

src:
    kernel-4.14.133-88.105.amzn1.src

x86_64:
    kernel-headers-4.14.133-88.105.amzn1.x86_64
    kernel-devel-4.14.133-88.105.amzn1.x86_64
    perf-4.14.133-88.105.amzn1.x86_64
    perf-debuginfo-4.14.133-88.105.amzn1.x86_64
    kernel-debuginfo-4.14.133-88.105.amzn1.x86_64
    kernel-tools-devel-4.14.133-88.105.amzn1.x86_64
    kernel-4.14.133-88.105.amzn1.x86_64
    kernel-tools-4.14.133-88.105.amzn1.x86_64
    kernel-tools-debuginfo-4.14.133-88.105.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.133-88.105.amzn1.x86_64