[security-announce] Kernel/USB: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Apr 17 19:28:50 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Moderate
CVE Names: CVE-2014-8884
Layer: meta-enea
=========================================================
A security patch that fixes a buffer overflow in ttusb-dec
is now available at http://linux.enea.com/4.0/patches:


README file: 0061-PPC-kernelmedia-ttusb-dec-CVE-2014-8884.README
Patch file:  0061-PPC-kernelmedia-ttusb-dec-CVE-2014-8884.patch
Signed patch: 0061-PPC-kernelmedia-ttusb-dec-CVE-2014-8884.patch.asc
sha1sum: 0061-PPC-kernelmedia-ttusb-dec-CVE-2014-8884.patch.sha1

Description
===========
Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before
3.17.4 allows local users to cause a denial of service (system crash)
or possibly gain privileges via a large message length in an ioctl
call.

References
==========
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
https://linux.enea.com/4.0/patches/0061-PPC-kernelmedia-ttusb-dec-CVE-20
14-8884.patch
patch -p1 < ./0061-PPC-kernelmedia-ttusb-dec-CVE-2014-8884.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVMULSAAoJEHc+9u9ocWoU+0EQAJ76+0CwWm66nQ/Wo5YF5UHv
Uf+ySNTZq1nyMsb+7hMg7dWvVb60+o+aR1zOjjqbVYqjfgIk35yplPY5yfdDPvGP
vRx5Htbd1pmhS3pYrS1QUve+spkl/GzOAEHKed3//ffn2c/0gGGxYpMeY0zE9R6y
MqG2tR7P6WAOoERsqoBiVdDSFo19TyeZkKg1OOTFCwTAXDj4psvTGRqhEP4mjETl
lQytGUU03WpNv/0GVZfo3cJbfVkb2nkrtPAsCkirKlPDcvWvK/KVjm5O8Fxy3y/f
LMmjwwC/H35jX+2qPPwvAjgu6v03GprFAxhh3yBSJx+IUNOA50llK7kmrliZudU0
5SOgejdRJwvcmr+lYL1qi4gqzROT7HeX3jZbwbwN0j/oAXQN6bYJYPRaD3xgAbJi
FJ7ymXkf5II1bBI69qbwIw0Ex3Ln0R373j3GnIIK0pvIATbQesCFFvPaA5MnQDY0
nZX+eWEs76bQwyzxJ88WCJ0Hy4emEZTCF3GylEMeBqhGu2WBuZthFvyGhmn+k8C9
6NAyLVAuVKvRjTSNPp5VVDNh3vAUjRLXvNWL/cIT7153RW9V4Pyxlf17tLXcawLM
ycOuUbmu8LZa/epIBnieepBEVvwLrCfHk9ag9Qztp1uhyQDSWZiN8uyZcIopFDjP
ogizFefT/Th6lwv34nPJ
=JRew
-----END PGP SIGNATURE-----


More information about the security-announce mailing list