[security-announce] Kernel/fs-isofs: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Feb 4 14:50:51 CET 2015



		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: low
Issue date: 2015-02-04
CVE Names: CVE-2014-9420 infinite loop in CE record entries
Layer: meta-enea
=========================================================

A security patch that fixes one kernel vulnerability is now
available at http://linux.enea.com/4.0/patches:

README file: 0029-PPC-kernel-fs-isofs-CVE-2014-9420.README
Patch file: 0029-PPC-kernel-fs-isofs-CVE-2014-9420.patch

Description
===========
The rock_continue function in fs/isofs/rock.c in the Linux kernel
through 3.18.1 does not restrict the number of Rock Ridge continuation
entries, which allows local users to cause a denial of service
(infinite loop, and system crash or hang) via a crafted iso9660 image.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420

How to apply the patches
=======================
We recommend that you apply all existing relevant patches for your
release, available at http://linux.enea.com/4.0/patches.

- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0029-PPC-kernel-fs-isofs-CVE-2014-9420.patch
patch -p1 < ./0029-PPC-kernel-fs-isofs-CVE-2014-9420.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
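
The Description above attributes the hang to rock_continue following Rock Ridge continuation (CE) entries without a limit. As an added example (a simplified user-space model, not kernel code and not the contents of the Enea patch), the walker below shows the general mitigation of capping how many continuations are followed; struct su_block, walk_ce_chain and the cap MAX_CE_ENTRIES of 32 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CE_ENTRIES 32   /* illustrative cap, an assumption of this example */
#define NO_CE (-1)

/* Constructed model: each block of a system use area holds at most one
 * CE (continuation) entry naming the block where parsing continues. */
struct su_block { int ce_next; };

enum walk_status { WALK_OK = 0, WALK_BAD_EXTENT = -1, WALK_TOO_MANY_CE = -2 };

/* Follow CE entries from block `start`; *visited counts blocks parsed.
 * Without the `loops` check this never returns on a cyclic chain. */
enum walk_status walk_ce_chain(const struct su_block *img, size_t nblocks,
                               int start, int *visited)
{
    int cur = start, loops = 0;
    *visited = 0;
    while (cur != NO_CE) {
        if (cur < 0 || (size_t)cur >= nblocks)
            return WALK_BAD_EXTENT;       /* CE points outside the image */
        (*visited)++;
        if (img[cur].ce_next != NO_CE && ++loops >= MAX_CE_ENTRIES)
            return WALK_TOO_MANY_CE;      /* cap on continuations reached */
        cur = img[cur].ce_next;
    }
    return WALK_OK;
}

/* Constructed samples, not taken from any real image. */
static const struct su_block linear[] = { {1}, {2}, {NO_CE} };
static const struct su_block cyclic[] = { {1}, {0} };

int main(void)
{
    int n;
    printf("linear: %d", (int)walk_ce_chain(linear, 3, 0, &n));
    printf(" (%d blocks)\n", n);
    printf("cyclic: %d", (int)walk_ce_chain(cyclic, 2, 0, &n));
    printf(" (%d blocks)\n", n);
    return 0;
}
```

A walker that rejects the chain instead of spinning turns the hang into an ordinary parse error for that directory entry.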



