AWS-2009-002

September 29, 2009 A vulnerability in certain versions of the Linux kernel allows local users to gain privilege. In response, EC2 has released patched 2.6.18 and 2.6.21 kernels (AKI) and ramdisks (ARI). We suggest that EC2 users update their AMIs and relaunch their affected instances to take advantage of the patched kernels. Detailed information about the vulnerability and patch are available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 Note that this vulnerability affects all Linux kernels 2.6.0 through 2.6.30.4 unless patched. 2.6.21 kernels are available as: US Region: 32-bit: aki-6eaa4907 ari-e7dc3c8e ami-48aa4921 64-bit: aki-a3d737ca ari-4fdf3f26 ami-f61dfd9f EU Region: 32-bit: aki-02486376 ari-aa6348de ami-0a48637e 64-bit: aki-f2634886 ari-a06348d4 ami-927a51e6 The appropriate modules are in ec2-downloads and the full source is here: http://ec2-downloads.s3.amazonaws.com/linux-2.6.21.7-2.fc8xen-ec2-v1.0-src.tgz 2.6.18 kernels are available as: US region: 32-bit: aki-f5c1219c ari-dbc121b2 64-bit: aki-e5c1218c ari-e3c1218a EU region: 32-bit: aki-966a41e2 ari-906a41e4 64-bit: aki-aa6a41de ari-946a41e0 The appropriate modules are in ec2-downloads and the full s…