[security-announce] Kernel:cifs: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Feb 6 07:56:00 CET 2015



		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Moderate
Issue date: 2015-02-06
CVE Names: CVE-2014-0069
Layer: meta-enea
=========================================================

This security patch fixes incorrect handling of bogus user
pointers during uncached writes.

README file: 0031-PPC-kernel-cifs-cifs-CVE-2014-0069.README
Patch file: 0031-PPC-kernel-cifs-cifs-CVE-2014-0069.patch

Description
===========
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel
through 3.13.5 does not properly handle uncached write operations that
copy fewer than the requested number of bytes, which allows local
users to obtain sensitive information from kernel memory, cause a
denial of service (memory corruption and system crash), or possibly
gain privileges via a writev system call with a crafted pointer.
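
The flaw described above, shown as a simplified userspace model. This is an added example, not the kernel's cifs code and not the contents of the Enea patch. The names copy_model, fill_flawed, fill_checked and stale_bytes_sent, the toy page size and the sample data are constructed, and returning -EFAULT when nothing could be copied is an assumption about the intended behaviour.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 16 /* toy page size (constructed) */

/* Stand-in for a user copy that stops at an unmapped address. */
static size_t copy_model(char *dst, const char *src, size_t want, size_t mapped)
{
    size_t n = want < mapped ? want : mapped;
    memcpy(dst, src, n);
    return n; /* bytes actually copied, possibly fewer than requested */
}

/* Flawed pattern: short copy ignored; the requested length is sent. */
static long fill_flawed(char *page, const char *ubuf, size_t len, size_t mapped)
{
    copy_model(page, ubuf, len, mapped);
    return (long)len;
}

/* Checked pattern: length trimmed to what was copied; -EFAULT if nothing was. */
static long fill_checked(char *page, const char *ubuf, size_t len, size_t mapped)
{
    size_t copied = copy_model(page, ubuf, len, mapped);
    return copied ? (long)copied : -EFAULT;
}

static long last_ret; /* return value of the most recent modelled write */
/* Constructed scenario: 12-byte request of which `mapped` bytes are readable.
 * Returns how many stale page bytes ('S') fall inside the length to be sent. */
static size_t stale_bytes_sent(int checked, size_t mapped)
{
    char page[PAGE_SZ];
    size_t stale = 0;
    memset(page, 'S', sizeof page); /* leftover data from an earlier use */
    last_ret = (checked ? fill_checked : fill_flawed)(page, "hello-world!", 12, mapped);
    for (long i = 0; i < last_ret; i++) /* bytes the write would transmit */
        stale += (page[i] == 'S');
    return stale;
}

int main(void)
{
    printf("flawed:  %zu stale bytes sent\n", stale_bytes_sent(0, 5));
    printf("checked: %zu stale bytes sent\n", stale_bytes_sent(1, 5));
    return 0;
}
```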

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069

How to apply the patches
========================
We recommend that you apply all existing relevant patches for your
release, available at http://linux.enea.com/4.0/patches.

- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0031-PPC-kernel-cifs-cifs-CVE-2014-0069.patch
patch -p1 < ./0031-PPC-kernel-cifs-cifs-CVE-2014-0069.patch