Medium: kernel

Issue Overview:

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a “mount -o remount” command within a user namespace.

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a “mount -o remount” command within a user namespace.

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:

i686:  
    kernel-tools-debuginfo-3.14.19-17.43.amzn1.i686  
    kernel-3.14.19-17.43.amzn1.i686  
    kernel-debuginfo-3.14.19-17.43.amzn1.i686  
    perf-3.14.19-17.43.amzn1.i686  
    kernel-tools-3.14.19-17.43.amzn1.i686  
    kernel-devel-3.14.19-17.43.amzn1.i686  
    kernel-tools-devel-3.14.19-17.43.amzn1.i686  
    perf-debuginfo-3.14.19-17.43.amzn1.i686  
    kernel-headers-3.14.19-17.43.amzn1.i686  
    kernel-debuginfo-common-i686-3.14.19-17.43.amzn1.i686  
  
noarch:  
    kernel-doc-3.14.19-17.43.amzn1.noarch  
  
src:  
    kernel-3.14.19-17.43.amzn1.src  
  
x86_64:  
    perf-debuginfo-3.14.19-17.43.amzn1.x86_64  
    kernel-devel-3.14.19-17.43.amzn1.x86_64  
    perf-3.14.19-17.43.amzn1.x86_64  
    kernel-3.14.19-17.43.amzn1.x86_64  
    kernel-debuginfo-3.14.19-17.43.amzn1.x86_64  
    kernel-tools-devel-3.14.19-17.43.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.14.19-17.43.amzn1.x86_64  
    kernel-tools-3.14.19-17.43.amzn1.x86_64  
    kernel-tools-debuginfo-3.14.19-17.43.amzn1.x86_64  
    kernel-headers-3.14.19-17.43.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-5206, CVE-2014-5207

Mitre: CVE-2014-5206, CVE-2014-5207