[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jun 26 12:31:14 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory
	
=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Low
CVE Names: CVE-2015-2042
Linux kernel - incorrect data type in rds_sysctl_rds_table
=========================================================

This security update fixes incorrect data type in
rds_sysctl_rds_table.

Signed patch & README files
================================
0079-PPC-kernel-net-rds-CVE-2015-2042.REAME.asc
0079-PPC-kernel-net-rds-CVE-2015-2042.patch.asc

Description
===========
net/rds/sysctl.c in the Linux kernel before 3.19 uses an
incorrect data type in a sysctl table, which allows local
users to obtain potentially sensitive information from kernel
memory or possibly have unspecified other impact by
accessing a sysctl entry.

References
==========
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042
http://www.openwall.com/lists/oss-security/2015/02/20/20

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/meta-enea
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
https://linux.enea.com/4.0/patches/0079-PPC-kernel-net-rds-CVE-2015-2042
.patch.asc
patch -p1 < ./0079-PPC-kernel-net-rds-CVE-2015-2042.patch.asc

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVjSnyAAoJEHc+9u9ocWoUMl8P/1/vg5RUXBN/SeVCHrDzkOeb
HsdiXlktOpmOMDmmaGEekSfJGq8/jF55mO0aJN7nbTlueSL5rKXrLc9nxkUqwPVJ
g4kZPopmuiY5xSboD2PdOkLeKXQvHu+xmlIS1qsvtMEZgmrlfYZ/f6zGemu7B+HQ
Erxi9XrmYhfIpQ72baORo3++xV0w8rIsG9R6DDQQcgUDJVkVS0OWe2BOOJ/dL2ZI
dfQSQUJu2mqA/Z3QmJlZrSUO1QXGJv3PB9ElqNmW/nhmm4UCoxeGOccIXjlU7f/z
bW2w1InWtGR1oBKId6OsTLJ9t9lr/pM8FApLzgun8eXw6V847npU440y5S2IeUFT
rcHeMtzVQ+VhYl+S56KsRqzXiXyb2VCOth0QF5jhxfkUgqPCn6RTpDpn2kcZNunQ
YJuEoGVRbD4Oh7qOZOUflVOiBnw9JVGOd84BNFW6gunIrtx4/oHdCWQghoG/spw1
1nHdsvuW8EIfEzXVyRyQKdQNO6kLg8/38AngYEDAoLfygKGovc4M+Imc1bB64IAx
dvN+49oG2lxOAKxB11fDTg2ap7hPvxQP8gm3AayOZnl/jtAS7vYqApGRkPqzzEHR
lCu+L97ndi0yzsAZOi8GGlRa6Pq4H2MEWqRNttLI28gwnNboAJGYEwWDKuYs3nIf
5HLzGS7qSAwWqMevRQu1
=wTAX
-----END PGP SIGNATURE-----



More information about the security-announce mailing list