[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jul 3 12:44:30 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (x86/romley-ivb: 3.10.38)
Severity: Low
CVE Names: CVE-2015-2830
Layer: meta-enea
=========================================================

This security update fixes a flaw in the way the Linux
kernel's 32-bit emulation implementation handled forking
or closing of a task with an 'int80' entry.

The patch and README files are GPG-signed by ESRT (Enea Security
Response Team) for verification of origin.
To verify the integrity of the patches, download the ESRT public key from:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14

For detailed info refer to https://linux.enea.com/4.0/patches/README.asc

Signed patch and README files
================================
0086-kernel-x86-CVE-2015-2830.README.asc
0086-kernel-x86-CVE-2015-2830.patch.asc

Description
===========
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2
does not prevent the TS_COMPAT flag from reaching a user-mode
task, which might allow local users to bypass the seccomp or
audit protection mechanism via a crafted application that uses
the (1) fork or (2) close system call, as demonstrated by an
attack against seccomp before 3.16.


References:
http://seclists.org/oss-sec/2015/q2/8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2830

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget https://linux.enea.com/4.0/patches/0086-kernel-x86-CVE-2015-2830.patch.asc
patch -p1 < ./0086-kernel-x86-CVE-2015-2830.patch.asc

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
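
The advisory says the patch files are signed by ESRT, but the apply steps feed the .asc file to patch without checking the signature. The following is an added example, not part of the advisory or of Enea's tooling, that gates `patch` on a valid signature from the key ID given in the advisory's key URL. The function names are hypothetical, and it assumes the ESRT public key has already been imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example, not part of the advisory.
ESRT_KEYID=773EF6EF68716A14   # long key ID from the advisory's key URL

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names a signing or primary fingerprint ending in key ID $1 and no line
# reports a bad, unverifiable, expired or revoked signature or key.
# Matching a 64-bit key ID is an assumption forced by the page; pin the full
# fingerprint instead if you have it from a trusted channel.
status_ok() {
    awk -v id="$1" '
        BEGIN { id = toupper(id); n = length(id) }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            s = toupper($3); p = toupper($NF)
            if (substr(s, length(s) - n + 1) == id ||
                substr(p, length(p) - n + 1) == id) good = 1
        }
        END { exit (good && !bad) ? 0 : 1 }'
}

# Verifies a clearsigned patch and applies only the bytes gpg extracted from
# the signed body. Assumes the ESRT key is already in the local keyring.
verify_and_apply() {
    asc=$1
    plain=$(mktemp) || return 1
    if gpg --batch --yes --status-fd 1 --output "$plain" --decrypt "$asc" \
            2>/dev/null | status_ok "$ESRT_KEYID"; then
        patch -p1 < "$plain"; rc=$?
    else
        echo "signature check failed for $asc; patch not applied" >&2; rc=1
    fi
    rm -f "$plain"
    return "$rc"
}
# Usage, from Enea-Linux-4.0/poky/meta-enea:
#   verify_and_apply ./0086-kernel-x86-CVE-2015-2830.patch.asc
```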