[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Apr 10 17:56:27 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (Linux/x86 3.10.19)
Severity: Medium
CVE Names: CVE-2014-3690
Layer: meta-enea
=========================================================
A security patch that fixes an DoS due to routing packets
to too many different dsts/too fast is now available at
http://linux.enea.com/4.0/patches:

README file: 0059-x86-kvm-vmx-CVE-2014-3690.README
Patch file:  0059-x86-kvm-vmx-CVE-2014-3690.patch

Description
===========
The Linux kernel's KVM implementation before 3.17.2 on Intel
processors does not ensure that the host CR4 control register value
remained unchanged across VM entries on the same virtual CPU. A local,
unprivileged user could use this flaw to cause a denial of service on
the system.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/meta-enea
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
http://linux.enea.com/4.0/patches/0059-x86-kvm-vmx-CVE-2014-3690.patch
patch -p1 < ./0059-x86-kvm-vmx-CVE-2014-3690.patch


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVJ/KqAAoJEHc+9u9ocWoUONoP/1GiBWHVw6gQeycKspyuSI9b
QMbl8c8ruQqjxg0K8hEnWn8muxKWFuo/aLcj7xD0EAnXQBcS+2z0/GSgUZv6c4e1
XfY9lmz5xEnTSaKOB8Un/KBou2t1gBnDn+wWVB2oUv/AkGKmAeZOdvR37fuEaIwN
UbEim8Zz97H0rRAfwzSDzlK53r5u6fDAqFvWM+i320uPm3M+WE2mxAbmdwuKlqbY
9S3wmLMX2AwiDtrrzCgy34qMaQL5itSl/0TWwhQ15rwMCRUx0tnJ2Tf6P2qvyQYh
jznCcKjxsQBBxqn0sBoXllfFsL7m3veUW6+5XtJtZpksFEqI7+GRzwr4UDNH/iVw
1GmqYrYDjPXJdfJl3WLWkFBcVj1IlmAWJ2SqZor+os7xqyAiVG68W42/IPfI9vXQ
RLOjhjVMPajmgQcppWtJ2JSk4GA0cGXC1TrvbKLOR5Ithm64IEhL/RE4aSTDaz/h
qmnLE+9kevg7yMoivq4ZLLCvBY7ucTdjRst0VwlSZxhq4Bk6ZnVluIob/ZkjG9ru
MDym1znwcWDy8w92mvPVLBWNXNk3TvW+ltF78gJGqOO4CatKMcw+3tYMRI5vyP1E
rCYhmvU4ndY5CDAmLKq3z1RXTsS5Bew1DdoRN3sn5QXQGJQcIGQFEuQAo7XvzBc9
RqoWN/i/BVpxETidF64Y
=Yxu6
-----END PGP SIGNATURE-----


More information about the security-announce mailing list