[security-announce] Kernel:powerpc/tm: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Feb 11 13:47:35 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please ignore this security advisory (sent 2015-02-11). We found an
issue when we run additional tests on this patch. We have removed this
patch from linux.enea.com/4.0/patches folder.

I apologize for the inconvenience.

Best regards
//Sona

Sona Sarmadi skrev den 2015-02-11 09:10:
> Enea Linux Security Advisory
> 
> ========================================================= 
> Product/package: kernel (FSL kernel: 3.8.11) Severity: Moderate 
> Issue date: 2015-02-11 CVE Names: CVE-2014-2673 crash when forking 
> inside a transaction Layer: meta-enea 
> ========================================================= A 
> security patch that fixes a vulnerability in the Linux kernel is 
> now available at http://linux.enea.com/4.0/patches:
> 
> README file: 0035-powerpc-tm-CVE-2014-2673.README Patch file: 
> 0035-powerpc-tm-CVE-2014-2673.patch
> 
> Description =========== The arch_dup_task_struct function in the 
> Transactional Memory (TM) implementation in 
> arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on 
> the powerpc platform does not properly interact with the clone and 
> fork system calls, which allows local users to cause a denial of 
> service (Program Check and system crash) via certain instructions 
> that are executed with the processor in the Transactional state.
> 
> References ========== 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2673
> 
> How to apply the patches ======================= We recommend you 
> to apply all existing relevant patches for your release available 
> at http://linux.enea.com/4.0/patches.
> 
> - Preparation Make sure that you have an installation of Enea
> Linux and have applied the existing FSL kernel patches in the
> right order
> 
> wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz tar zxf 
> Enea-Linux-4.0.tar.gz cd Enea-Linux-4.0/poky/ <Fetch and apply the 
> existing patches >
> 
> - Fetch and apply the new patch cd Enea-Linux-4.0/poky/meta-enea 
> wget 
> http://linux.enea.com/4.0/patches/0035-powerpc-tm-CVE-2014-2673.patch
>
>
> 
patch -p1 < ./0035-powerpc-tm-CVE-2014-2673.patch
> 
> If you have any questions regarding the security patches and 
> security updates please contact security at enea.com.
> 
> Enea Security Team Sona Sarmadi Mobile: +46 70 971 4475 
> www.enea.com
> 
> This message, including attachments, is CONFIDENTIAL. It may also 
> be privileged or otherwise protected by law. If you received this 
> email by mistake please let us know by reply and then delete it 
> from your system; you should not copy it or disclose its contents 
> to anyone.
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU209nAAoJEHc+9u9ocWoUAqgP/1hKEvFPaASWm8irLAgRiSml
bxsy9+eSVP4Pv5RN7N1woF2PRTnhpuaY18krvFH8BsfCY4jGPPlqaBIxbUfoeEHa
bsKw5wBpyR1iKspg87eYwev2Z0fVhvuhkBaEsPvqLmTr48gCARL1BRKnofheKb6x
JAF2ALujc5RArCMFVjt38jX4e/2tnWQurF+RVUm2ffVrNBRhVIVWLblGRXfJQZb9
P9TEX7dxEs6/qaln/MP5XrW2V7/Bc64+6migueiXsz5WjZVQJMqXuodC0WIOiqVj
zxPoGPO96POoVkF2RHztAb12VSc0L6QultgWuEx+86Z0hv1/MeG0isAx/QfaNZdX
ucIivyCw1PI6OCOffC+JdPHcmYkv3GcICKxY11X4F9XeCae2sUzC20EjOuKvscza
he2dHqs8rBk7PwBwAchZkvIJHU2JlDjEM6zhXeJv8RfijGTOzJ9VAGaDLyNYUsv2
jqsp/Nk8RRj0JI3850+loOJHWuY/vMNjQE5F9f0I8b4cOP+TJfJJgXX5CeQqdXrD
Qqi3QJfgIzj+6spzCKRUYP35IlswBclsU2YBXPbNbQ6CRVCyEpjemoQ7jo0jOrmi
jw/hKqj2Vf3LQ9ZXW3fHtwfZ2xDrNrkxQRqaz9LzWWksZCdLbvq89SugQ4BEc1r4
9Agva/BJpJLNVqUlffOG
=hFmf
-----END PGP SIGNATURE-----



More information about the security-announce mailing list