[security-announce] Kernel/net-rds: Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon Feb 9 12:14:16 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		 Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Moderate
Issue date: 2015-02-09
CVE Names: CVE-2013-7339
Layer: meta-enea
=========================================================

A security patch that fixes one kernel vulnerability in net-rds
is now available at http://linux.enea.com/4.0/patches:

README file: 0033-PPC-kernel-net-rds-CVE-2013-7339.README
Patch file: 0033-PPC-kernel-net-rds-CVE-2013-7339.patch

Description
===========
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel
before 3.12.8 allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified
other impact via a bind system call for an RDS socket on a system that
lacks RDS transports.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339

How to apply the patches
=======================
We recommend you to apply all existing relevant patches for your
release available at http://linux.enea.com/4.0/patches.

- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
http://linux.enea.com/4.0/patches/0033-PPC-kernel-net-rds-CVE-2013-7339.patch
patch -p1 < ./0033-PPC-kernel-net-rds-CVE-2013-7339.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU2JaIAAoJEHc+9u9ocWoUxOAQALEm+jaHL3M1TV/cOudK2UEa
HuW4sxIjwtEcDeTQtpQUZEm6wQDm330DAc74RsV4vCsjbioPK3qfpOojTpi3ri5j
ikkM1a1Brptz5h/WaRyYOrUSyMeyCDrontSu5hM5k+afH9Tj1GunJA086MVzjRjm
TJZKdCjaHkcne+y7BJrjSqBcGlSAkDcS/hG9Oq0/m2ao9mCKrq9ona85m/9NAt6r
XfvRIXtRoX//uuluw2dZDZgCQNE+hfX6yHDXScPCgu9qj5K7E81ksZjT1VlLuf6z
M/6+gjBBur2tvjGEG3hwBF4Zo8+uHit9uM3VzshCexEY89hg7GVRvPvXNh/3j7oO
JyFweQK8YS1+jllyRd66wTdPFgs4ZPfhoLlcrP+2gyPWwVQoNVtZwXFJsFZ/wZew
7wo5vxfqsVaTlCtUC6sEGuaZ6jCJpYUY5tfOzXA1xQN1UQriAPCDx+ZRSzq4i2cw
9KTir154ZnE2ZlmgF58P1MPVmgAIa1be3JEsce019XKLMPZqnDbR1tzPwlC+L+Dp
PYFtDsuhw7k4ia52ZdXgsLlOqv9bfYvasPnxMPew5xUIs251vz+ZzSFPwA3YXLD7
SZc4Lfaro4wYCXT386EEcQDpAT7B6W5/KoY7ZxnsPH+eqSQQzNTQ/WWp4dyiC05V
JeDdJZCxzzlHMK9Mye+p
=GMId
-----END PGP SIGNATURE-----



More information about the security-announce mailing list