[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Feb 25 12:19:30 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (x86/romley-ivb: 3.10.38)
Severity: Low
Issue date: 2015-02-25
CVE Names: CVE-2014-1739 drivers: media: an information leakage
Layer: meta-enea
=========================================================
A security patch that fixes an information leak flaw in the
Linux kernel media device is now available at
http://linux.enea.com/4.0/patches:

README file: 0046-X86-kernel-media-device-CVE-2014-1739.README
Patch file:  0046-X86-kernel-media-device-CVE-2014-1739.patch

Description
===========
The media_device_enum_entities function in drivers/media/media-device.c
in the Linux kernel before 3.14.6 does not initialize a certain data
structure, which allows local users to obtain sensitive information
from kernel memory by leveraging /dev/media0 read access for a
MEDIA_IOC_ENUM_ENTITIES ioctl call.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the relevant existing in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
http://linux.enea.com/4.0/patches/0046-X86-kernel-media-device-CVE-2014-1739.patch
patch -p1 < ./0046-X86-kernel-media-device-CVE-2014-1739.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU7a/CAAoJEHc+9u9ocWoUcDwP/3TAHHtDzyK7GX5zob2/VHcA
KBRJRECAd09gLV0uxnAVu5CFNPjTwCPkET7nDm4klk01NdYS9/5nq5Ueal72RQ4W
++Ad0rcKSoGHyoIP3nTr2L7CGan+yTbd0Q4zkdvlEWUi6XMqw1abxGzObigt0k+i
I1c7rYLID31pOM0598JxKpDP5OTBVW1mGNo6DeT0i3cODB4dO5c6FEcY+SSDsfcV
qdjHZ5uFxxg8Qw5FcnhAZcRhOf7nrG3FYuuLk7ac8xt05851va1iDK+Amb9H3tuX
4BKV1Ed5RnyjaYmDznif6HPW+bGhubaqePKvV8Zxflxkr7duBVFoKLZtOVvp0y5g
6MIPjqp9oN/nO3DtwnJbIBrdZg7Pq3vuFCGGL5e8t/Y+jiq1BBLakiCHNrDQcUfq
nOns9UHcgYZf6r69oBr2W2X58Xk08wex5GIqTineNlIP6VlZRawV8gzVV5kFV2v4
8J2y6lUW9tHkZ54sadT2JWc9chulJX5TjNCeAN7p/5/v5XMB1qQ+aTnp+WHcz8qE
POZS0bPMCIwabmnaRR04W5JMMSHqGSQXcS5WJqbPrvmigNBomeBfj+okq0nJSCPk
gLzbQTpi7/ucmBAP/BSUlRa+ejV8A7yiZR2OORQ3n+4vmvI8TjZkWFXI35cXYrQU
eMl9ZV0d0Znk9RsI3WaZ
=/17I
-----END PGP SIGNATURE-----



More information about the security-announce mailing list