[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Mar 13 11:42:19 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Moderate
CVE Names: CVE-2014-9683
Layer: meta-enea
=========================================================
A security patch that fixes a 1-byte NULL write past the end of
allocated memory is now available at http://linux.enea.com/4.0/patches:

README file: 0056-eCryptfs-CVE-2014-9683.README
Patch file:  0056-eCryptfs-CVE-2014-9683.patch

Description
===========
Off-by-one error in the ecryptfs_decode_from_filename function in
fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel
before 3.18.2 allows local users to cause a denial of service (buffer
overflow and system crash) or possibly gain privileges via a crafted
filename.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9683
http://seclists.org/oss-sec/2015/q1/582

How to apply the patches
========================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0056-eCryptfs-CVE-2014-9683.patch
patch -p1 < ./0056-eCryptfs-CVE-2014-9683.patch

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
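
The bug class named in the Description (a 1-byte NUL write past the end of an allocation) is shown below as an added example; it is not the eCryptfs code and not part of the advisory or its patch. The hex decoder, all function names and the guard byte are hypothetical; the guard lets the stray write be observed without touching memory the program does not own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xAA  /* marker placed in the byte just past the allocation */

static int nib(char c)  /* value of one hex digit; input is assumed valid */
{
    return (c >= '0' && c <= '9') ? c - '0' : (c | 0x20) - 'a' + 10;
}

/* Hypothetical decoder: writes n decoded bytes plus a NUL, n + 1 in total. */
static size_t hex_decode(const char *src, unsigned char *dst)
{
    size_t n = strlen(src) / 2;
    for (size_t i = 0; i < n; i++)
        dst[i] = (unsigned char)((nib(src[2 * i]) << 4) | nib(src[2 * i + 1]));
    dst[n] = '\0';  /* index n: one past the decoded payload */
    return n;
}

/* Off-by-one sizing: counts the payload only. */
static size_t size_payload_only(const char *name) { return strlen(name) / 2; }

/* Corrected sizing: payload plus the terminator. */
static size_t size_with_nul(const char *name) { return strlen(name) / 2 + 1; }

/* Returns 1 if decoding into `alloc` usable bytes changed the guard byte
 * after them, 0 if not, -1 on bad arguments or allocation failure. */
static int terminator_overruns(const char *name, size_t alloc)
{
    if (alloc < strlen(name) / 2) return -1;
    unsigned char *buf = malloc(alloc + 1);  /* extra byte is the guard only */
    if (!buf) return -1;
    buf[alloc] = GUARD;
    hex_decode(name, buf);
    int hit = (buf[alloc] != GUARD);
    free(buf);
    return hit;
}

int main(void)
{
    const char *name = "666f6f";  /* constructed sample: hex for "foo" */
    printf("payload-only size: overrun=%d\n", terminator_overruns(name, size_payload_only(name)));
    printf("size with NUL:     overrun=%d\n", terminator_overruns(name, size_with_nul(name)));
    return 0;
}
```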


