[security-announce] kernel-net-sctp: security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Jan 29 07:38:05 CET 2015


		Enea Linux Security Advisory

kernel-net-sctp: NULL pointer dereference in af->from_addr_param on
malformed packet

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Important
Issue date: 2015-01-29
CVE Names: CVE-2014-7841
Layer: meta-enea
=========================================================
A security patch that fixes CVE-2014-7841 is now available at
http://linux.enea.com/4.0/patches:

README file: 0025-kernel-NET-SCTP-CVE-2014-7841.README
Patch file: 0025-kernel-NET-SCTP-CVE-2014-7841.patch

Description
===========
The sctp_process_param function in net/sctp/sm_make_chunk.c in
the SCTP implementation in the Linux kernel before 3.17.4, when
ASCONF is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and system crash) via a
malformed INIT chunk.
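
The bug class named in the title, as an added example (a simplified user-space model, not kernel code and not the Enea patch): a per-address-family handler is looked up from a type field and called through, first unchecked and then with the check in place. It assumes, as a property of this model, that the lookup returns NULL for a type it does not recognise; every identifier except from_addr_param is hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* User-space model; every name except from_addr_param is hypothetical. */
enum { PARAM_IPV4 = 5, PARAM_IPV6 = 6 };   /* address parameter types */
struct addr { uint8_t bytes[16]; size_t len; };
struct af_ops {
    size_t addr_len;
    void (*from_addr_param)(struct addr *out, const uint8_t *val, size_t len);
};
static void copy_addr(struct addr *out, const uint8_t *val, size_t len)
{
    memcpy(out->bytes, val, len);
    out->len = len;
}
static const struct af_ops v4_ops = { 4, copy_addr };
static const struct af_ops v6_ops = { 16, copy_addr };

/* Handler lookup: returns NULL for any type it does not recognise. */
static const struct af_ops *af_lookup(uint16_t type)
{
    return type == PARAM_IPV4 ? &v4_ops : type == PARAM_IPV6 ? &v6_ops : NULL;
}

/* Unchecked shape, shown for contrast and never called here. */
int parse_addr_unchecked(struct addr *out, uint16_t type, const uint8_t *val, size_t len)
{
    const struct af_ops *af = af_lookup(type);
    af->from_addr_param(out, val, len);   /* NULL dereference if af == NULL */
    return 0;
}

/* Checked shape: reject unknown types and wrong lengths before the call. */
int parse_addr_checked(struct addr *out, uint16_t type, const uint8_t *val, size_t len)
{
    const struct af_ops *af = af_lookup(type);
    if (af == NULL || val == NULL || len != af->addr_len)
        return -1;
    af->from_addr_param(out, val, len);
    return 0;
}

int main(void)
{
    struct addr a;
    const uint8_t v4[4] = { 192, 0, 2, 1 };   /* constructed sample input */
    return !(parse_addr_checked(&a, PARAM_IPV4, v4, 4) == 0 &&
             parse_addr_checked(&a, 0x7fff, v4, 4) == -1);
}
```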

Reference
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841

How to apply the patches
=======================
We recommend that you apply all existing patches available at
http://linux.enea.com/4.0/patches.

 - Preparation
Make sure that you have an installation of Enea Linux and have applied
the existing patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches, please refer to
    README file for individual patch>

 - Fetch and apply the new patch
 cd Enea-Linux-4.0/poky/meta-enea
 wget http://linux.enea.com/4.0/patches/0025-kernel-NET-SCTP-CVE-2014-7841.patch
 patch -p1 < ./0025-kernel-NET-SCTP-CVE-2014-7841.patch


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

ESRT (Enea Security Response Team)
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
