ALAS-2019-1281

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.(CVE-2019-15902)

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.(CVE-2019-15538)

i686:
    kernel-headers-4.14.143-91.122.amzn1.i686
    perf-4.14.143-91.122.amzn1.i686
    kernel-4.14.143-91.122.amzn1.i686
    kernel-tools-devel-4.14.143-91.122.amzn1.i686
    kernel-tools-debuginfo-4.14.143-91.122.amzn1.i686
    kernel-debuginfo-common-i686-4.14.143-91.122.amzn1.i686
    perf-debuginfo-4.14.143-91.122.amzn1.i686
    kernel-devel-4.14.143-91.122.amzn1.i686
    kernel-tools-4.14.143-91.122.amzn1.i686
    kernel-debuginfo-4.14.143-91.122.amzn1.i686

src:
    kernel-4.14.143-91.122.amzn1.src

x86_64:
    kernel-tools-4.14.143-91.122.amzn1.x86_64
    kernel-headers-4.14.143-91.122.amzn1.x86_64
    kernel-tools-devel-4.14.143-91.122.amzn1.x86_64
    perf-debuginfo-4.14.143-91.122.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.143-91.122.amzn1.x86_64
    kernel-tools-debuginfo-4.14.143-91.122.amzn1.x86_64
    kernel-4.14.143-91.122.amzn1.x86_64
    kernel-debuginfo-4.14.143-91.122.amzn1.x86_64
    kernel-devel-4.14.143-91.122.amzn1.x86_64
    perf-4.14.143-91.122.amzn1.x86_64