[security-announce] Kernel:powerpc/tm: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Feb 11 09:10:39 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Moderate
Issue date: 2015-02-11
CVE Names: CVE-2014-2673 crash when forking inside a transaction
Layer: meta-enea
=========================================================
A security patch that fixes a vulnerability in the Linux kernel
is now available at http://linux.enea.com/4.0/patches:

README file: 0035-powerpc-tm-CVE-2014-2673.README
Patch file: 0035-powerpc-tm-CVE-2014-2673.patch

Description
===========
The arch_dup_task_struct function in the Transactional
Memory (TM) implementation in arch/powerpc/kernel/process.c
in the Linux kernel before 3.13.7 on the powerpc platform
does not properly interact with the clone and fork system
calls, which allows local users to cause a denial of service
(Program Check and system crash) via certain instructions
that are executed with the processor in the Transactional state.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2673

How to apply the patches
=======================
We recommend you to apply all existing relevant patches for your
release available at http://linux.enea.com/4.0/patches.

- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0035-powerpc-tm-CVE-2014-2673.patch
patch -p1 < ./0035-powerpc-tm-CVE-2014-2673.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU2w5+AAoJEHc+9u9ocWoUwjoP/2Jom93oy0eqUWmuhkhW27+s
8UxFyWjKKOkC6DLVgPCfiNDk6usHfJ6ZV9txMY6gKL9cpdyOcZRplXWQI9auPu5N
jPkY7HvT41MqdNbrlEShOM9ViBQu02TQ+WSwjb8QfytMUfjw3yYhMVR7+9cq73fj
oVwsK8OKAbsz4A9lw4kF5ozy+Vnc/9NvA+3lLKU1PlysivgPOyryAr1Ceu2JP1AL
k9yPjac0zh3Zuy//Tol7WPj803FwcZJh1E5jQMrM8sz2HgoqKmROLEGUztHz1CGo
3zzY460/IHCaVfeLYrlhXH3BIBIBgkTB0Bj093sXpOi7BspeENx5r0JOzSK9OilY
r4pT5Cxj8UD/PoEQUvg0X0yJqcokTna+HrjJTLoeoElg2GSti7v9ZHpxPnC15twL
nrqtABk1so1xW4/yClGuvl+Qkd6Q5orAOhF2HWEBlVwd98syNJ49xtu92NYSRhGV
r23uW+ZqjEC9wxaYDFhxKSta3nn7SI9j3uO8zYrbdLtdyyiIThjnq9AwN3MvBT1P
hElNsKLVCb64U63phEFBE4CikAq1PJiU+uupj6tK7Z+RlTH0en4SFTQF0clF12d0
FO4xM6kfrwaE5b9sInGeyopk3F20U2h5q/kfV01WbAHBoA/VuoUjgBgBIJuiKVCs
FH22cdYnCHytEzAUz0h0
=xoXH
-----END PGP SIGNATURE-----



More information about the security-announce mailing list