[security-announce] Security update kernel/futex: Fix for CVE-2014-8500

Sona Sarmadi sona.sarmadi at enea.com
Wed Jan 7 11:54:06 CET 2015


=============================================
Product/package: kernel/futex: pi futexes requeue issue
Severity: Important
CVE Name: CVE-2014-3153
=============================================

A security patch that fixes CVE-2014-3153 is now available in the
http://linux.enea.com/4.0/patches folder.

Patch file: 0008-kernel-futex-CVE-2014-3153.patch
README file: 0008-kernel-futex-CVE-2014-3153.README

Description
===========
A flaw was found in the way the Linux kernel's futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged
user could use this flaw to escalate their privileges on the system.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153

How to apply the patches
=========================
If you have not yet installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0008-kernel-futex-CVE-2014-3153.patch
# patch -p1 < ./0008-kernel-futex-CVE-2014-3153.patch

If you have any questions regarding the security patches and security updates, please contact security at enea.com.

ESRT (Enea Security Response Team)
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Enea
Jan Stenbecks torg 17,
Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071  4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com
