[security-announce] Kernel/MNT: security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Jan 14 14:05:27 CET 2015


                                            Enea Linux Security Advisory 

=================================================
Product/package: Kernel/MNT: (FSL kernel: 3.8.11)
Severity:  Important
Issue date:  2015-01-14
CVE Names: CVE-2014-5206 and CVE-2014-5207
Layer: meta-enea
=================================================
A security patch that fixes CVE-2014-5206 and CVE-2014-5207 is now 
available in the "http://linux.enea.com/4.0/patches " folder. 

Patch file: 0013-mnt-CVE-2014-5206_CVE-2014-5207.patch
README file:  0013-mnt-CVE-2014-5206_CVE-2014-5207.README

Description
===========
CVE-2014-5206
The do_remount function in fs/namespace.c in the Linux kernel 
through 3.16.1 does not maintain the MNT_LOCK_READONLY bit 
across a remount of a bind mount, which allows local users 
to bypass an intended read-only restriction and defeat certain 
sandbox protection mechanisms via a "mount -o remount" command 
within a user namespace. 

CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not 
properly restrict clearing MNT_NODEV, MNT_NOSUID, MNT_NOEXEC 
and changing MNT_ATIME_MASK during a remount of a bind mount, 
which allows local users to gain privileges, interfere with 
backups and auditing on systems that had atime enabled, or cause 
a denial of service (excessive filesystem updating) on systems 
that had atime disabled via a "mount -o remount" command within 
a user namespace. 

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5206 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207 

How to apply the patches
=========================
If you don't have installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0013-mnt-CVE-2014-5206_CVE-2014-5207.patch
# patch -p1 < ./0013-mnt-CVE-2014-5206_CVE-2014-5207.patch

If you have any questions regarding the security patches and security updates please contact security at enea.com. 
ESRT (Enea Security Response Team)

Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux Enea Jan Stenbecks torg 17, Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071  4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com 

This message, including attachments, is CONFIDENTIAL. It may also be privileged or otherwise protected by law. If you received this email by mistake please let us know by reply and then delete it from your system; you should not copy it or disclose its contents to anyone.




More information about the security-announce mailing list