[security-announce] Kernel (linux-qoriq 3.12): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Sun Nov 29 14:25:25 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq - 3.12)
Severity: Moderate
CVE Names: CVE-2014-3122
Layer: meta-enea
=========================================================

This security update fixes a denial of service (system crash)
in linux kernel.

Description
===========
The try_to_unmap_cluster function in mm/rmap.c in the Linux
kernel before 3.14.3 does not properly consider which pages
must be locked, which allows local users to cause a denial
of service (system crash) by triggering a memory-usage pattern
that requires removal of page-table mappings.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122
http://www.openwall.com/lists/oss-security/2014/05/01/7

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/com
mit/?id=400fc13141fe947c38e8485ee9d37066d4533363

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=51e9248e1748fcd39
92cf47f6ecf9a3cb776c998

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWWvzEAAoJEHc+9u9ocWoUJoEP/Rwp2oaKw7j0H5qVLMr+44K+
so5PitZ3jE5Afvl4Zapo0vvUn4Eor5RJyb8yr1k1bWYIgEWMa6ee1S/XZeHYtKym
o5Sp825x7dwCJw+JNgIjSkE9evoj4QMKpImwZyJOe2VPdHMXRsqqtT91Kv3TKVRY
vRPLDN1swSL3IIUV7/eHu2pSXdLqCLiDyOMyTfeaRd3k1qh/0Kz+KoRupn/CTjZA
5UzBtKnNaM5zvsHFV41XSgl9F+fRJDXfs49PkbIqG2nxXJsFlm/oNR346S8/9CqM
rk6KKTc1c1aJ+vnrVTMROJLgS9P5dZrrOf54AXZhBKc+WvSpqV8qxh1Z9HZyuW9x
QEz4Ai3nk/7fDyrz59o3esUuzeKUrCTbDA/dE+PUgkd8efIw5uJJb84N593xqbzs
/1hzp0G7L/I7niLV39JQYgyZ0btGqwjroUATYvozI63uckiPZ7h9FWWWnkjqg4+F
1MKxqYCB5vUn+RBEA/cqpaYDjQ5xWuhTj6p9sBa5+nqUJPEQIop0X3Lt8lYSlS84
khlGAkGigqiXUEDhRhpCaTa2ShnlyGkPxBg7fOmMkYmrXNYk+pdPdBjfP91bJTnR
KpbvwWvsQGCixJ4ZsGxylyoLv47M3EKaC4enyWNol/tQbNQueYpaeXhtIU0VR+vo
puhB9glH1rl9iI63/N/l
=+MFZ
-----END PGP SIGNATURE-----



More information about the security-announce mailing list