ALAS-2014-328

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

i686:
    kernel-3.10.37-47.135.amzn1.i686
    perf-debuginfo-3.10.37-47.135.amzn1.i686
    kernel-debuginfo-3.10.37-47.135.amzn1.i686
    perf-3.10.37-47.135.amzn1.i686
    kernel-debuginfo-common-i686-3.10.37-47.135.amzn1.i686
    kernel-devel-3.10.37-47.135.amzn1.i686
    kernel-headers-3.10.37-47.135.amzn1.i686

noarch:
    kernel-doc-3.10.37-47.135.amzn1.noarch

src:
    kernel-3.10.37-47.135.amzn1.src

x86_64:
    perf-debuginfo-3.10.37-47.135.amzn1.x86_64
    kernel-debuginfo-common-x86_64-3.10.37-47.135.amzn1.x86_64
    kernel-debuginfo-3.10.37-47.135.amzn1.x86_64
    kernel-3.10.37-47.135.amzn1.x86_64
    kernel-headers-3.10.37-47.135.amzn1.x86_64
    perf-3.10.37-47.135.amzn1.x86_64
    kernel-devel-3.10.37-47.135.amzn1.x86_64