Lucene search

K
amazonAmazonALAS-2015-491
HistoryMar 13, 2015 - 2:34 a.m.

Low: kernel

2015-03-1302:34:00
alas.aws.amazon.com
45

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.008

Percentile

81.5%

Issue Overview:

It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four.

Affected Packages:

kernel

Issue Correction:
Run yum clean all followed by yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:

i686:  
    kernel-headers-3.14.35-28.38.amzn1.i686  
    kernel-tools-debuginfo-3.14.35-28.38.amzn1.i686  
    perf-debuginfo-3.14.35-28.38.amzn1.i686  
    kernel-debuginfo-3.14.35-28.38.amzn1.i686  
    kernel-debuginfo-common-i686-3.14.35-28.38.amzn1.i686  
    kernel-tools-devel-3.14.35-28.38.amzn1.i686  
    kernel-3.14.35-28.38.amzn1.i686  
    kernel-tools-3.14.35-28.38.amzn1.i686  
    kernel-devel-3.14.35-28.38.amzn1.i686  
    perf-3.14.35-28.38.amzn1.i686  
  
noarch:  
    kernel-doc-3.14.35-28.38.amzn1.noarch  
  
src:  
    kernel-3.14.35-28.38.amzn1.src  
  
x86_64:  
    kernel-tools-devel-3.14.35-28.38.amzn1.x86_64  
    kernel-devel-3.14.35-28.38.amzn1.x86_64  
    perf-debuginfo-3.14.35-28.38.amzn1.x86_64  
    kernel-debuginfo-3.14.35-28.38.amzn1.x86_64  
    kernel-headers-3.14.35-28.38.amzn1.x86_64  
    kernel-tools-3.14.35-28.38.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.14.35-28.38.amzn1.x86_64  
    kernel-tools-debuginfo-3.14.35-28.38.amzn1.x86_64  
    kernel-3.14.35-28.38.amzn1.x86_64  
    perf-3.14.35-28.38.amzn1.x86_64  

Additional References

Red Hat: CVE-2015-1593

Mitre: CVE-2015-1593

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.008

Percentile

81.5%