[security-announce] Kernel (x86): Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon Mar 2 12:49:28 CET 2015



		Enea Linux Security Advisory

=========================================================
Product/package: kernel (x86/romley-ivb: 3.10.38)
Severity: Low
Issue date: 2015-03-02
CVE Name: CVE-2014-9419
Layer: meta-enea
=========================================================
A security patch that fixes a vulnerability in the Linux kernel
(x86) is now available at http://linux.enea.com/4.0/patches.

README file: 0049-X86_64-kernel-CVE-2014-9419.README
Patch file:  0049-X86_64-kernel-CVE-2014-9419.patch

Description
===========
The __switch_to function in arch/x86/kernel/process_64.c in the
Linux kernel through 3.18.1 does not ensure that Thread Local
Storage (TLS) descriptors are loaded before proceeding with
other steps, which makes it easier for local users to bypass
the ASLR protection mechanism via a crafted application that
reads a TLS base address.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419

How to apply the patches
========================
- Preparation
Make sure that you have an installation of Enea Linux and have
applied the relevant existing patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/meta-enea
<Fetch and apply the existing patches >

- Fetch and apply the new patch
# Run from Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0049-X86_64-kernel-CVE-2014-9419.patch
patch -p1 < ./0049-X86_64-kernel-CVE-2014-9419.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com



