[security-announce] Kernel (linux-qoriq 3.12): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Dec 4 10:52:21 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq - 3.12)
Severity: Moderate
CVE Names: CVE-2014-8884
Layer: meta-enea
=========================================================

This security update fixes a buffer overflow in the
TechnoTrend/Hauppauge DEC USB device driver.
A local user with write access to the corresponding device could use
this flaw to crash the kernel or, potentially, elevate their
privileges on the system.

Description
===========
Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before
3.17.4 allows local users to cause a denial of service (system crash)
or possibly gain privileges via a large message length in an ioctl call.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884
http://www.openwall.com/lists/oss-security/2014/11/14/7
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8884

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=482c6cb2dfb40838d67b0ba844b4b3d0af0f3d20

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=380a96f628fab2263cc12d72b15bf432a9528435

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned the needed repositories, clone them as
described below. (Security patches are fetched implicitly when cloning
the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
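
The bug class named in the Description, a caller-supplied message length copied into a fixed-size stack buffer, shown as a userspace C model with the bounds check that prevents it. This is an added example, not part of the advisory, the kernel driver or the upstream patch; the struct, the buffer sizes, the header bytes and the send_command stub are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4   /* assumed: fixed header bytes ahead of the payload */
#define PKT_LEN 10  /* assumed: size of the on-stack packet buffer */

/* Model of a request copied in from user space. msg_len is caller-controlled
 * and, as a uint8_t, can claim up to 255 bytes whatever the size of msg[]. */
struct master_cmd {
    uint8_t msg[PKT_LEN - HDR_LEN];
    uint8_t msg_len;
};

/* Hypothetical stand-in for the device transfer: records what would be sent. */
static uint8_t last_sent[PKT_LEN];
static size_t last_sent_len;

static void send_command(const uint8_t *buf, size_t len)
{
    memcpy(last_sent, buf, len);
    last_sent_len = len;
}

/* Returns 0 on success, -EINVAL when the claimed length does not fit. */
int send_master_cmd_checked(const struct master_cmd *cmd)
{
    uint8_t b[PKT_LEN] = { 0x00, 0xff, 0x00, 0x00 }; /* constructed header */
    size_t len = cmd->msg_len;
    /* Without this check, the memcpy() below writes past the end of b[] on
     * the stack whenever len > PKT_LEN - HDR_LEN. */
    if (len > sizeof(b) - HDR_LEN)
        return -EINVAL;

    memcpy(&b[HDR_LEN], cmd->msg, len);
    send_command(b, HDR_LEN + len);
    return 0;
}

int main(void)
{
    struct master_cmd ok = { { 0xe0, 0x10, 0x38, 0xf0 }, 4 };  /* constructed */
    struct master_cmd bad = { { 0 }, 255 };                    /* constructed */
    int r_ok = send_master_cmd_checked(&ok);
    int r_bad = send_master_cmd_checked(&bad);
    printf("len 4 -> %d, len 255 -> %d, last sent %zu bytes\n", r_ok, r_bad, last_sent_len);
    return 0;
}
```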
