[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Jun 11 12:48:02 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Low
CVE Names: CVE-2014-8884
Layer: meta-enea
=========================================================

This security update fixes a buffer overflow in an ioctl call.

Signed patch and README files
================================
0080-media-ttusb-dec-CVE-2014-8884.REAME.asc
0080-media-ttusb-dec-CVE-2014-8884.patch.asc

Description
===========
Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux
kernel before 3.17.4 allows local users to cause a
denial of service (system crash) or possibly gain
privileges via a large message length in an ioctl call.
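
The class of bug described above, as an added example that is not part of the advisory, the Enea patch or the kernel source: a simplified userspace model in C where a caller-controlled one-byte length drives a copy into a fixed-size stack buffer, shown unchecked and with the bounds check. The struct, function names and buffer sizes are assumptions made for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model (assumed names and sizes, not the kernel's definitions). */
struct diseqc_cmd {
    uint8_t msg[6];  /* payload bytes */
    uint8_t msg_len; /* caller-controlled length, 0..255 */
};
#define HDR_LEN 4  /* header bytes that precede the payload */
#define PKT_LEN 10 /* size of the on-stack packet buffer */

/* Unchecked form: msg_len is trusted, so any value above PKT_LEN - HDR_LEN
 * makes memcpy write past pkt[] on the stack. Shown for contrast only. */
int send_cmd_unchecked(const struct diseqc_cmd *cmd, uint8_t *out)
{
    uint8_t pkt[PKT_LEN] = { 0 };

    memcpy(&pkt[HDR_LEN], cmd->msg, cmd->msg_len);
    memcpy(out, pkt, sizeof(pkt));
    return 0;
}

/* Checked form: reject lengths that do not fit before copying. */
int send_cmd_checked(const struct diseqc_cmd *cmd, uint8_t *out)
{
    uint8_t pkt[PKT_LEN] = { 0 };

    if (cmd->msg_len > sizeof(pkt) - HDR_LEN)
        return -EINVAL;
    memcpy(&pkt[HDR_LEN], cmd->msg, cmd->msg_len);
    memcpy(out, pkt, sizeof(pkt));
    return 0;
}

int main(void)
{
    /* Constructed inputs: one valid command, one with an oversized length. */
    struct diseqc_cmd ok = { { 1, 2, 3, 4, 5, 6 }, 6 };
    struct diseqc_cmd big = { { 1, 2, 3, 4, 5, 6 }, 200 };
    uint8_t out[PKT_LEN];

    printf("len 6   -> %d\n", send_cmd_checked(&ok, out));
    printf("len 200 -> %d\n", send_cmd_checked(&big, out));
    return 0;
}
```
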

References
==========
http://seclists.org/oss-sec/2014/q4/611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget https://linux.enea.com/4.0/patches/0080-media-ttusb-dec-CVE-2014-8884.patch.asc
patch -p1 < ./0080-media-ttusb-dec-CVE-2014-8884.patch.asc

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----


