[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jun 5 09:11:30 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (x86/romley-ivb: 3.10.38)
Severity: Low
CVE Names: CVE-2015-0239
Layer: meta-enea
=========================================================

This security update fixes insufficient sysenter emulation when
invoked from 16-bit code.

The patch and README files are gpg signed by ESRT (Enea Security
Response Team) for verification of origin.
To verify the integrity of the patches, download the ESRT public key from:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14

For detailed info refer to https://linux.enea.com/4.0/patches/README.asc

Signed patch and README files
================================
0078-KVM-x86-SYSENTER-CVE-2015-0239.asc
0078-KVM-x86-SYSENTER-CVE-2015-0239.patch.asc

Description
===========
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux
kernel before 3.18.5, when the guest OS lacks SYSENTER MSR
initialization, allows guest OS users to gain guest OS privileges or
cause a denial of service (guest OS crash) by triggering use of a
16-bit code segment for emulation of a SYSENTER instruction.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239
http://www.openwall.com/lists/oss-security/2015/01/27/6

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget https://linux.enea.com/4.0/patches/0078-KVM-x86-SYSENTER-CVE-2015-0239.patch.asc
patch -p1 < ./0078-KVM-x86-SYSENTER-CVE-2015-0239.patch.asc

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
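
The advisory asks readers to verify the signed patch against the ESRT key before applying it. One way to do that from the shell is sketched below as an added example; it is not Enea's own script. The function names and the output file name are hypothetical, and the only pinned value is the long key ID from the key URL above.

```shell
#!/bin/sh
# Added example, not Enea's script. Import the ESRT key first, e.g.:
#   gpg --keyserver pgp.mit.edu --recv-keys 0x773EF6EF68716A14
ESRT_KEYID="773EF6EF68716A14"   # long key ID taken from the advisory's key URL
# Assumption: only the 64-bit key ID is published on the page; pin the full
# fingerprint instead once you have confirmed it out of band.

# signer_ok STATUS KEYID
# Succeeds only if gpg's machine-readable status output has a VALIDSIG line
# whose signing-key or primary-key fingerprint ends in KEYID (16+ hex digits).
# GOODSIG lines are ignored: their user-ID text is chosen by the key owner.
signer_ok() {
    printf '%s\n' "$1" | awk -v id="$2" '
        function tail(s, n) { return substr(s, length(s) - n + 1) }
        BEGIN { id = toupper(id); n = length(id) }
        n >= 16 && $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (tail(toupper($3), n) == id || tail(toupper($NF), n) == id)
                ok = 1
        }
        END { exit(ok ? 0 : 1) }'
}

# verify_and_extract FILE.asc OUT
# Checks the signature and writes only the signed text to OUT (dash-escaping
# undone), so nothing outside the signed region can reach patch(1).
verify_and_extract() {
    asc=$1
    out=$2
    if ! status=$(gpg --batch --yes --status-fd 1 --output "$out" \
                      --decrypt "$asc" 2>/dev/null) ||
       ! signer_ok "$status" "$ESRT_KEYID"; then
        rm -f -- "$out"
        echo "signature check failed: $asc" >&2
        return 1
    fi
}

# Usage (output file name is hypothetical):
#   verify_and_extract 0078-KVM-x86-SYSENTER-CVE-2015-0239.patch.asc fix.patch \
#       && patch -p1 < fix.patch
```

gpg exits successfully for a good signature from any key in the keyring, which is why the signer is checked separately against the pinned key ID.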


