
Test ID: 1.3.6.1.4.1.25623.1.0.120291
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2015-476)
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2015-476 advisory.
Description:

Vulnerability Insight:
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a 'negative groups' issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. (CVE-2014-8989)

A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822)

Affected Software/OS:
'kernel' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2014-7822
117810: http://www.osvdb.org/117810
36743: https://www.exploit-db.com/exploits/36743/
72347: http://www.securityfocus.com/bid/72347
DSA-3170: http://www.debian.org/security/2015/dsa-3170
RHSA-2015:0102: http://rhn.redhat.com/errata/RHSA-2015-0102.html
RHSA-2015:0164: http://rhn.redhat.com/errata/RHSA-2015-0164.html
RHSA-2015:0674: http://rhn.redhat.com/errata/RHSA-2015-0674.html
RHSA-2015:0694: http://rhn.redhat.com/errata/RHSA-2015-0694.html
SUSE-SU-2015:0529: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
SUSE-SU-2015:0736: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SUSE-SU-2015:1488: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
SUSE-SU-2015:1489: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
USN-2541-1: http://www.ubuntu.com/usn/USN-2541-1
USN-2542-1: http://www.ubuntu.com/usn/USN-2542-1
USN-2543-1: http://www.ubuntu.com/usn/USN-2543-1
USN-2544-1: http://www.ubuntu.com/usn/USN-2544-1
openSUSE-SU-2015:0714: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1163792
https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958

Common Vulnerability Exposure (CVE) ID: CVE-2014-8989
BugTraq ID: 71154
http://www.securityfocus.com/bid/71154
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
http://www.openwall.com/lists/oss-security/2014/11/20/4
http://www.ubuntu.com/usn/USN-2515-1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2517-1
http://www.ubuntu.com/usn/USN-2518-1

Copyright: Copyright (C) 2015 Greenbone AG
