[security-announce] Kernel/target: Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon Feb 2 10:55:53 CET 2015


             Enea Linux Security Advisory

=========================================================
Product/package: kernel/target (FSL kernel: 3.8)
Severity: low
Issue date: 2015-02-02
CVE Names: CVE-2014-4027
Layer: meta-enea
=========================================================
Explicitly clear ramdisk_mcp backend pages

README file: 0027-PPC-kernel-target-CVE-2014-4027.README
Patch file: 0027-PPC-kernel-target-CVE-2014-4027.patch

Description
===========
The rd_build_device_space function in drivers/target/target_core_rd.c
in the Linux kernel before 3.14 does not properly initialize a certain
data structure, which allows local users to obtain sensitive
information from ramdisk_mcp memory by leveraging access to a SCSI
initiator.

Reference
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618

How to apply the patches
========================
We recommend that you apply all existing relevant patches for your
release, available at http://linux.enea.com/4.0/patches.

- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches:

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0027-PPC-kernel-target-CVE-2014-4027.patch
patch -p1 < ./0027-PPC-kernel-target-CVE-2014-4027.patch


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Mobile: +46 70 971 4475
www.enea.com
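
The flaw described above (backing pages handed out without being initialized) and the fix named in the advisory title (explicitly clearing them), as an added user-space model in C; this is not the kernel code or the Enea patch. The page pool, the function names and the secret string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define POOL_PAGES 4
/* Constructed stand-in for a page allocator: freed pages return to the
 * pool with their old contents intact, as recycled page frames do. */
static unsigned char pool[POOL_PAGES][PAGE_SIZE];
static int pool_used[POOL_PAGES];

static unsigned char *page_alloc(void) {
    for (int i = 0; i < POOL_PAGES; i++)
        if (!pool_used[i]) { pool_used[i] = 1; return pool[i]; }
    return NULL;
}

static void page_free(unsigned char *pg) {
    for (int i = 0; i < POOL_PAGES; i++)
        if (pool[i] == pg) pool_used[i] = 0;   /* contents are NOT wiped */
}

/* Hypothetical model of building the ramdisk backing store: take n pages
 * from the pool; when clear_pages is set, zero each one before use. */
static int build_device_space(unsigned char **dev, int n, int clear_pages) {
    for (int i = 0; i < n; i++) {
        if (!(dev[i] = page_alloc())) return -1;
        if (clear_pages) memset(dev[i], 0x00, PAGE_SIZE);
    }
    return 0;
}

/* Non-zero bytes a reader would see on a device nobody has written to. */
static size_t stale_bytes(int clear_pages) {
    static const char secret[] = "constructed-secret-from-previous-owner";
    unsigned char *dev[2];
    size_t stale = 0;
    unsigned char *old = page_alloc();          /* earlier, unrelated use */
    memcpy(old, secret, sizeof secret);
    page_free(old);
    if (build_device_space(dev, 2, clear_pages)) return (size_t)-1;
    for (int i = 0; i < 2; i++)
        for (int j = 0; j < PAGE_SIZE; j++) stale += dev[i][j] != 0;
    for (int i = 0; i < 2; i++) page_free(dev[i]);
    return stale;
}

int main(void) {
    printf("uncleared: %zu, cleared: %zu stale bytes\n",
           stale_bytes(0), stale_bytes(1));
    return 0;
}
```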
