[security-announce] Kernel/auditsc: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Jan 21 08:25:02 CET 2015


               Enea Linux Security Advisory

Kernel/auditsc: DoS with syscall auditing

=================================================
Product/package: Kernel/auditsc (FSL kernel: 3.8.11)
Severity: Moderate
Issue date: 2015-01-21
CVE Names: CVE-2014-3917
Layer: meta-enea
=================================================
A security patch that fixes CVE-2014-3917 is now available in the
"http://linux.enea.com/4.0/patches" folder:

README file: 0017-kernel-auditsc-CVE-2014-3917.README
Patch file: 0017-kernel-auditsc-CVE-2014-3917.patch

Description
===========
kernel/auditsc.c in the Linux kernel through 3.14.5, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules,
allows local users to obtain potentially sensitive single-bit
values from kernel memory or cause a denial of service (OOPS)
via a large value of a syscall number.
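
The missing range check described above, as an added illustration that is not part of the Enea advisory or the kernel source: a user-space C model of a per-rule syscall bitmask lookup, without and with a bounds check. The array layout, function names and sample values are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MASK_WORDS  64u                 /* assumed: 64 x 32 bits, syscalls 0..2047 */
#define MODEL_WORDS (MASK_WORDS + 4u)

/* Constructed memory model: words 0..63 are the rule's syscall mask,
 * words 64..67 stand in for unrelated data that happens to follow it. */
static uint32_t mem[MODEL_WORDS];

static void setup(void) {
    for (unsigned i = 0; i < MODEL_WORDS; i++) mem[i] = 0;
    mem[59 / 32] |= 1u << (59 % 32);    /* the rule audits syscall 59 only */
    mem[MASK_WORDS] = 0x5u;             /* constructed neighbouring data */
}

/* Pattern the advisory describes: the syscall number selects the word
 * with no check against the mask size. The MODEL_WORDS guard exists
 * only so this demo stays inside its own array; a real out-of-range
 * read could fault instead (the OOPS case). */
static bool in_mask_unchecked(unsigned long nr) {
    unsigned long word = nr / 32;
    if (word >= MODEL_WORDS) return false;
    return (mem[word] & (1u << (nr % 32))) != 0;
}

/* Hardened form: a number that does not fit in the mask never matches. */
static bool in_mask_checked(unsigned long nr) {
    unsigned long word = nr / 32;
    if (word >= MASK_WORDS) return false;
    return (mem[word] & (1u << (nr % 32))) != 0;
}

int main(void) {
    setup();
    unsigned long probes[] = { 59, 60, 2048, 2049, 2050 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("nr=%lu unchecked=%d checked=%d\n", probes[i],
               in_mask_unchecked(probes[i]), in_mask_checked(probes[i]));
    return 0;
}
```

In the unchecked variant the match result for numbers 2048 and above mirrors bits of the neighbouring word, which is the single-bit disclosure; the checked variant returns false for all of them.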

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917

How to apply the patches
=========================
If you have not installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0017-kernel-auditsc-CVE-2014-3917.patch
# patch -p1 < ./0017-kernel-auditsc-CVE-2014-3917.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

ESRT (Enea Security Response Team)
Sona Sarmadi
Software Engineer/Security Responsible
Mobile: +46 70 971 4475
www.enea.com
