[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Feb 18 09:36:13 CET 2015


		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel)
Severity: Moderate
Issue date: 2015-02-18
CVE Names: CVE-2014-7825 CVE-2014-7826
Layer: meta-enea
=========================================================

A security patch that fixes insufficient syscall number
validation in the perf and ftrace subsystems is now available at
http://linux.enea.com/4.0/patches:

README file: 0040-PPC-kernel-CVE-2014-7825-CVE-2014-7826.README
Patch file:  0040-PPC-kernel-CVE-2014-7825-CVE-2014-7826.patch

Description
===========
CVE-2014-7825
kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does not properly handle private syscall numbers during
use of the perf subsystem, which allows local users to cause a
denial of service (out-of-bounds read and OOPS) or bypass the
ASLR protection mechanism via a crafted application.

CVE-2014-7826
kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does not properly handle private syscall numbers during
use of the ftrace subsystem, which allows local users to gain
privileges or cause a denial of service (invalid pointer
dereference) via a crafted application.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826

How to apply the patches
=======================
- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order:

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget http://linux.enea.com/4.0/patches/0040-PPC-kernel-CVE-2014-7825-CVE-2014-7826.patch
patch -p1 < ./0040-PPC-kernel-CVE-2014-7825-CVE-2014-7826.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
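
Added example, not part of the original advisory and not the kernel code or the Enea patch: a simplified user-space model of the flaw class described above, assuming it takes the form of a syscall number used as a table index with no upper-bound check. The table size, the sample "private" number and all function names are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define NR_SYSCALLS 64          /* constructed size, stands in for the real table */
#define PRIVATE_NR  0x0f0002L   /* constructed "private" number far above the table */
#define WORD_BITS   (sizeof(unsigned long) * CHAR_BIT)
#define NWORDS      ((NR_SYSCALLS + WORD_BITS - 1) / WORD_BITS)

static unsigned long enabled[NWORDS];   /* one bit per traced syscall */

/* Weak validation: rejects negative numbers only. */
static int nr_ok_weak(long nr)   { return nr >= 0; }

/* Strict validation: the number must also fall inside the table. */
static int nr_ok_strict(long nr) { return nr >= 0 && nr < NR_SYSCALLS; }

static void enable_syscall(long nr)
{
    if (nr_ok_strict(nr))
        enabled[(size_t)nr / WORD_BITS] |= 1UL << ((size_t)nr % WORD_BITS);
}

/* 1 = traced, 0 = not traced, -1 = rejected before the table is touched. */
static int is_traced(long nr)
{
    if (!nr_ok_strict(nr))
        return -1;
    return (int)((enabled[(size_t)nr / WORD_BITS] >> ((size_t)nr % WORD_BITS)) & 1UL);
}

/* Words past the table end a lookup guarded only by the weak check would read
 * (0 = in bounds). Computed arithmetically; no out-of-bounds access is made. */
static size_t overrun_words(long nr)
{
    size_t word;
    if (!nr_ok_weak(nr))
        return 0;
    word = (size_t)nr / WORD_BITS;
    return word < NWORDS ? 0 : word - (NWORDS - 1);
}

int main(void)
{
    enable_syscall(3);
    printf("nr=3: traced=%d\n", is_traced(3));
    printf("private nr: weak=%d strict=%d overrun=%zu words\n",
           nr_ok_weak(PRIVATE_NR), nr_ok_strict(PRIVATE_NR), overrun_words(PRIVATE_NR));
    return 0;
}
```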
