[security-announce] Kernel/SCTP: Security update

Sona Sarmadi sona.sarmadi at enea.com
Tue Jan 20 08:09:51 CET 2015


               Enea Linux Security Advisory

kernel: sctp: sk_ack_backlog wrap-around problem
=================================================
Product/package: Kernel/SCTP: (FSL kernel: 3.8.11)
Severity:  Moderate
Issue date: 2015-01-20
CVE Names: CVE-2014-4667
Layer: meta-enea
=================================================
A security patch that fixes CVE-2014-4667 is now available
in the "http://linux.enea.com/4.0/patches" folder.

Patch file: 0015-kernel-SCTP-CVE-2014-4667.patch
README file: 0015-kernel-SCTP-CVE-2014-4667.README

Description
===========
The sctp_association_free function in net/sctp/associola.c
in the Linux kernel before 3.15.2 does not properly manage
a certain backlog value, which allows remote attackers to
cause a denial of service (socket outage) via a crafted SCTP
packet.
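
Added example, not part of Enea's advisory or patch: a simplified C model of the wrap-around named in the advisory title, assuming it comes from a backlog decrement with no matching increment, shown next to a checked form. Only the name sk_ack_backlog comes from the advisory; the struct, the functions, the 16-bit width and the limit of 128 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. Only the name sk_ack_backlog comes from
 * the advisory; all other names and the limit of 128 are assumptions. */
struct listener {
    uint16_t sk_ack_backlog;     /* associations waiting for accept() */
    uint16_t sk_max_ack_backlog; /* limit requested through listen() */
};

/* New associations are refused while the backlog exceeds the limit. */
static bool acceptq_is_full(const struct listener *sk)
{
    return sk->sk_ack_backlog > sk->sk_max_ack_backlog;
}

/* Weak form: every free decrements, even for an association never counted. */
static void assoc_free_unchecked(struct listener *sk, bool counted)
{
    (void)counted;
    sk->sk_ack_backlog--; /* 0 - 1 wraps to 65535 in 16 bits */
}

/* Hardened form: undo the increment only if this association made one. */
static void assoc_free_checked(struct listener *sk, bool counted)
{
    if (counted && sk->sk_ack_backlog > 0)
        sk->sk_ack_backlog--;
}

/* Free one never-counted association on an idle listener; return its state. */
static struct listener free_uncounted(bool checked)
{
    struct listener sk = { 0, 128 };
    if (checked)
        assoc_free_checked(&sk, false);
    else
        assoc_free_unchecked(&sk, false);
    return sk;
}

int main(void)
{
    struct listener weak = free_uncounted(false), fixed = free_uncounted(true);
    printf("unchecked: backlog=%d full=%d\n", weak.sk_ack_backlog, acceptq_is_full(&weak));
    printf("checked:   backlog=%d full=%d\n", fixed.sk_ack_backlog, acceptq_is_full(&fixed));
    return 0;
}
```

In the unchecked form the listener reports a full accept queue although nothing is queued, which matches the "socket outage" wording of the description.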

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667

How to apply the patches
=========================
If you have not installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0015-kernel-SCTP-CVE-2014-4667.patch
# patch -p1 < ./0015-kernel-SCTP-CVE-2014-4667.patch


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

ESRT (Enea Security Response Team)

Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Enea
Jan Stenbecks torg 17, Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071 4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.

