[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon Mar 9 17:29:13 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Important
CVE Names: CVE-2015-1465
Layer: meta-enea
=========================================================
A security patch that fixes an DoS due to routing packets
to too many different dsts/too fast is now available at
http://linux.enea.com/4.0/patches:

README file: 0054-PPC-kernel-ipv4-CVE-2015-1465.README
Patch file:  0054-PPC-kernel-ipv4-CVE-2015-1465.patch

Description
===========
t was found that routing packets to too many different dsts/too
fast can lead to a excessive resource consumption. A remote attacker
can use this flaw to crash the system.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1465
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1465

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
http://linux.enea.com/4.0/patches/0054-PPC-kernel-ipv4-CVE-2015-1465.patch
patch -p1 < ./0054-PPC-kernel-ipv4-CVE-2015-1465.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU/cpYAAoJEHc+9u9ocWoUffYP/0Q5w1KK2tYFHl8GWj8paz8N
roxf5bmyMq7fx/NvHuv1nsg9P7ucbNzWrLZCkdUYeTiJf+4zQycTlm2L/Z96njS2
pH/BoMBsB4iq1fioTDQyENtSHgOucKyv90ifdK+5gspXiFZyoq1sQiwdpTzfAxlW
Y819pZdk7NTHSVtB8aGMkvhcQlH0Hk76CrwFesY+JSIaZZN39PiYBIhf+g1tPJpI
sH0/KDz1XITDgKnfe6wswt+Zflzox/ZG7Iunk7e4qyv5QipfrsEavbbpURvxeRNG
RBoj6HTp8msKF/NWKq200h0RQDuDxoWbz20Z4iEOP5tq37AtNmIMXRkfc6Mcg2iC
2Sym9/G8enPX7AVoDp3xK9X/n+3j+MlLkQ6jX8QrsYUIjDm7n9I5LJ3/rBlpb6o3
7VPTfZA5onPTGrJpT9Nl2M9RDVSg36RjZxiH7xhf9Vu8WYPmXnnBosU8SceBCQIs
vEqiTz1WaiY+ABOT03yyi9dVfmYzEEhe+VKeNFh3zZtwGmPvB4DCu1HCfcSKe8S4
5vxR6gtUN0s3dDi1MynRFWzgO91Dknz6zSqt15Xjer9zMbt0ClWgFEvL9L1f5FF4
++uBBe++aGLxXTeK12ZsZYCAbstrJgnE86qzRLQnSju97CzWqJfkvgtKgYOjeQLY
USiENDaPVsFscV5FromC
=MP4I
-----END PGP SIGNATURE-----



More information about the security-announce mailing list