Vulnerability category: Amazon Linux
Vulnerability severity:
Vulnerability information
Issue Overview:
Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112)
Heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
QID Detection Logic:
This authenticated QID verifies whether the version of any of the following packages is lower than 4.9.38-16.35.amzn1: perf-debuginfo, kernel-tools, perf, kernel-devel, kernel-tools-devel, kernel-headers, kernel-debuginfo-common-x86_64, kernel-debuginfo, kernel, kernel-tools-debuginfo, kernel-doc, kernel-debuginfo-common-i686
Vulnerability impact
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2017-868 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2017-868: Amazon Linux (kernel (4.9.38-16.35.amzn1) on noarch)
ALAS-2017-868: Amazon Linux (kernel (4.9.38-16.35.amzn1) on x86_64)
ALAS-2017-868: Amazon Linux (kernel (4.9.38-16.35.amzn1) on src)
ALAS-2017-868: Amazon Linux (kernel (4.9.38-16.35.amzn1) on i686)