Vulmon
Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-026
Advisory Release Date: 2020-09-04 17:55 Pacific
Advisory Updated Date: 2020-09-10 19:21 Pacific
Severity:
Important
Issue Overview:
An issue has been reported in the Linux kernel's handling of raw sockets. This issue can be used locally to cause denial of service or local privilege escalation from unprivileged processes or from containers with the CAP_NET_RAW capability enabled.
See Also:
https://marc.info/?l=linux-netdev&m=159915549623724&w=2
https://www.openwall.com/lists/oss-security/2020/09/03/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14386 (CVE-2020-14386)
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)
Affected Packages:
kernel-livepatch-4.14.186-146.268
Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.186-146.268 to update your system.
New Packages:
src:
kernel-livepatch-4.14.186-146.268-1.0-3.amzn2.src
x86_64:
kernel-livepatch-4.14.186-146.268-1.0-3.amzn2.x86_64
kernel-livepatch-4.14.186-146.268-debuginfo-1.0-3.amzn2.x86_64