[security-announce] kernel/ udf: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jan 16 22:21:12 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


               Enea Linux Security Advisory

kernel: udf: Avoid infinite loop when processing indirect ICBs

=================================================
Product/package: Kernel/UDF: (FSL kernel: 3.8.11)
Severity:  Low
Issue date:  2015-01-16
CVE Names: CVE-2014-6410
Layer: meta-enea
=================================================
A security patch that fixes CVE-2014-6410 is now available
in the "http://linux.enea.com/4.0/patches" folder.

Patch file: 0014-kernel-udf-CVE-2014-6410.patch
README file: 0014-kernel-udf-CVE-2014-6410.README

Description
===========
The __udf_read_inode function in fs/udf/inode.c in the Linux
kernel through 3.16.3 does not restrict the amount of ICB
indirection, which allows physically proximate attackers to
cause a denial of service (infinite loop or stack consumption)
via a UDF filesystem with a crafted inode.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410

How to apply the patches
=========================
If you have not installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0014-kernel-udf-CVE-2014-6410.patch
# patch -p1 < ./0014-kernel-udf-CVE-2014-6410.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

ESRT (Enea Security Response Team)

Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Enea
Jan Stenbecks torg 17, Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071 4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
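
The missing bound described in the advisory, shown as an added example that is not taken from the Enea patch or from fs/udf/inode.c: a simplified model in which an ICB entry is either direct or points at another entry. The names `struct icb`, `resolve_icb` and the `MAX_ICB_NESTING` value are assumptions made for this sketch, and the sample tables are constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed, simplified model: NOT the kernel's on-disk UDF structures. */
#define MAX_ICB_NESTING 16          /* assumed cap chosen for this sketch */
#define ICB_NONE ((size_t)-1)       /* error marker */

struct icb {
    int    indirect;   /* 1: this entry only points at another ICB */
    size_t next;       /* target block, meaningful when indirect */
};

/* Following indirect entries without a limit is the flaw: a cycle on the
 * medium never terminates, and a recursive walk also eats stack.
 * This version walks iteratively and gives up after MAX_ICB_NESTING hops.
 * Returns the block of the final direct ICB, or ICB_NONE if the chain is
 * too deep, cyclic, or points outside the table. */
size_t resolve_icb(const struct icb *tbl, size_t n, size_t start)
{
    size_t cur = start;
    for (int hops = 0; ; hops++) {
        if (cur >= n)
            return ICB_NONE;        /* pointer outside the image */
        if (!tbl[cur].indirect)
            return cur;             /* reached a real inode */
        if (hops >= MAX_ICB_NESTING)
            return ICB_NONE;        /* too much indirection: reject */
        cur = tbl[cur].next;
    }
}

/* Constructed sample tables. */
static const struct icb chain[]  = { {1, 1}, {1, 2}, {0, 0} }; /* 0->1->2 */
static const struct icb cycle[]  = { {1, 1}, {1, 0} };         /* 0->1->0 */
static const struct icb wild[]   = { {1, 7} };                 /* out of range */

int main(void)
{
    size_t r = resolve_icb(chain, 3, 0);
    printf("chain: block %zu\n", r);
    printf("cycle: %s\n",
           resolve_icb(cycle, 2, 0) == ICB_NONE ? "rejected" : "accepted");
    printf("wild:  %s\n",
           resolve_icb(wild, 1, 0) == ICB_NONE ? "rejected" : "accepted");
    return 0;
}
```
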


