[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon May 4 20:30:56 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Moderate
CVE Names: CVE-2014-8160
iptables restriction bypass if a protocol handler kernel module is not loaded
Layer: meta-enea
=========================================================

This security update fixes iptables restriction bypass if a protocol
handler kernel module is not loaded.

Signed/SHA512 patch/README files
================================
0068-PPC-kernel-netfilter-CVE-2014-8160.REAME.asc
0068-PPC-kernel-netfilter-CVE-2014-8160.patch.asc
0068-PPC-kernel-netfilter-CVE-2014-8160.patch.sha

Description
===========
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before
3.18 generates incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allows remote attackers to bypass intended access restrictions
via packets with disallowed port numbers.
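
A check for the condition described above, as an added example that is not part of the Enea advisory or patch: it reads rules in iptables-save format and a module list in /proc/modules format, and reports SCTP, DCCP, GRE or UDP-Lite rules whose conntrack protocol module is not loaded. The nf_conntrack_proto_* module names (as used by modular 3.x kernels), the function names and the sample data are assumptions, not taken from the advisory.

```bash
#!/usr/bin/env bash
# Added example (not Enea's code): report iptables rules for SCTP, DCCP, GRE
# or UDP-Lite whose conntrack protocol module is not loaded.
# Assumption: module names as used by modular 3.x kernels. A handler built
# into the kernel does not appear in /proc/modules; check the kernel config.

# Map a protocol name or number from iptables-save output to its module.
proto_module() {
    case "$1" in
        sctp|132)    echo nf_conntrack_proto_sctp ;;
        dccp|33)     echo nf_conntrack_proto_dccp ;;
        gre|47)      echo nf_conntrack_proto_gre ;;
        udplite|136) echo nf_conntrack_proto_udplite ;;
    esac
}

# unprotected_protocols RULES_FILE MODULES_FILE
# Prints "protocol module" for each affected protocol, sorted.
unprotected_protocols() {
    awk '$1 == "-A" { for (i = 2; i < NF; i++)
            if ($i == "-p" || $i == "--protocol") print tolower($(i + 1)) }' "$1" |
    sort -u |
    while read -r proto; do
        mod=$(proto_module "$proto")
        [ -n "$mod" ] || continue
        # /proc/modules carries the module name in its first column.
        awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$2" ||
            echo "$proto $mod"
    done
}

# Constructed sample data: GRE handler loaded, SCTP handler missing.
sample_check() {
    d=$(mktemp -d)
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p sctp -m sctp --dport 2905 -j ACCEPT' \
        '-A INPUT -p gre -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/rules"
    printf '%s\n' 'nf_conntrack_proto_gre 14434 0 - Live 0x0000000000000000' \
        'nf_conntrack 105000 1 nf_conntrack_proto_gre, Live 0x0000000000000000' \
        > "$d/modules"
    unprotected_protocols "$d/rules" "$d/modules"
    rm -rf "$d"
}
sample_check
```

On a live system, save the rule set with iptables-save to a file and pass that file together with /proc/modules to unprotected_protocols.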

References
==========
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160
http://www.openwall.com/lists/oss-security/2015/01/14/3


How to apply the patches
=======================
- - - - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - - - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget https://linux.enea.com/4.0/patches/0068-PPC-kernel-netfilter-CVE-2014-8160.patch.asc
patch -p1 < ./0068-PPC-kernel-netfilter-CVE-2014-8160.patch.asc

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
