[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Feb 5 09:11:37 CET 2015



		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: low
Issue date: 2015-02-05
CVE Names: CVE-2014-1444, CVE-2014-1445, CVE-2014-1446
Layer: meta-enea
=========================================================

This security patch fixes assorted kernel infoleaks.

README file: 0030-PPC-kernel-assorted-infoleak-security-fixes.README
Patch file: 0030-PPC-kernel-assorted-infoleak-security-fixes.patch

Description
===========
CVE-2014-1444
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux
kernel before 3.11.7 does not properly initialize a certain data
structure, which allows local users to obtain sensitive information
from kernel memory by leveraging the CAP_NET_ADMIN capability for an
SIOCWANDEV ioctl call.

CVE-2014-1445
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux
kernel before 3.11.7 does not properly initialize a certain data
structure, which allows local users to obtain sensitive information
from kernel memory via an ioctl call.

CVE-2014-1446
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux
kernel before 3.12.8 does not initialize a certain structure member,
which allows local users to obtain sensitive information from kernel
memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG
ioctl call.
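
The bug class shared by the three CVEs above, shown as an added user-space illustration that is not part of the original advisory or of the Enea patch: a handler fills only some fields of a local structure and copies the whole object out, so unassigned members and padding carry whatever was in that memory before. The names demo_settings, demo_get_settings, leaked_bytes and the STALE marker are constructed for this example, and clearing the structure with memset is shown as the usual remedy for this class, an assumption here rather than a quote from the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* stands in for leftover kernel stack contents */

/* Constructed layout for illustration, not one of the drivers' structures. */
struct demo_settings {
    uint32_t clock_rate;
    uint32_t clock_type;
    uint16_t loopback;   /* the compiler pads after this member */
    uint32_t mask;       /* member the flawed path never assigns */
};

/* Simulated ioctl "get" handler: slot plays the on-stack local,
 * user plays the copy_to_user() destination. */
static void demo_get_settings(struct demo_settings *slot,
                              unsigned char *user, int zero_first)
{
    if (zero_first)
        memset(slot, 0, sizeof(*slot)); /* hardened: clears members and padding */
    slot->clock_rate = 64000;
    slot->clock_type = 1;
    slot->loopback = 0;
    memcpy(user, slot, sizeof(*slot));  /* copies the whole object out */
}

/* Number of stale bytes that reach the caller's buffer. */
size_t leaked_bytes(int zero_first)
{
    struct demo_settings slot;
    unsigned char user[sizeof(slot)];
    size_t i, n = 0;

    memset(&slot, STALE, sizeof(slot)); /* previous occupant of the stack slot */
    demo_get_settings(&slot, user, zero_first);
    for (i = 0; i < sizeof(user); i++)
        if (user[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes copied out\n", leaked_bytes(0));
    printf("with zeroing:    %zu stale bytes copied out\n", leaked_bytes(1));
    return 0;
}
```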

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446

How to apply the patches
========================
We recommend that you apply all existing relevant patches for your
release, available at http://linux.enea.com/4.0/patches.

- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0030-PPC-kernel-assorted-infoleak-security-fixes.patch
patch -p1 < ./0030-PPC-kernel-assorted-infoleak-security-fixes.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com



