[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Apr 29 11:25:04 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (Linux/x86 3.10)
Severity: Low
CVE Names: CVE-2014-8134
Layer: meta-enea
=========================================================
This security update fixes a NULL pointer dereference in sosendto()

The patch and README files are PGP signed by ESRT (Enea Security
Response Team) for verification of origin.
To verify the integrity of patches download the ESRT public Key from:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14

For detailed info refer to http://linux.enea.com/4.0/patches/README.asc

Related files
=============
README file: 0066-x86-kernel-kvm-CVE-2014-8134.README.asc
Signed (ascii-armored signatures):
0066-x86-kernel-kvm-CVE-2014-8134.patch.asc
sha1sum: 0066-x86-kernel-kvm-CVE-2014-8134.patch.sha

Description
===========
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux
kernel through 3.18 uses an improper paravirt_enabled setting for KVM
guest kernels, which makes it easier for guest OS users to bypass the
ASLR protection mechanism via a crafted application that reads a
16-bit value.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134

How to apply the patches
=======================
- - - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/meta-enea
<Fetch and apply the existing patches >

- - - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget
http://linux.enea.com/4.0/patches/0066-x86-kernel-kvm-CVE-2014-8134.patc
h.asc
patch -p1 < ./0066-x86-kernel-kvm-CVE-2014-8134.patch.asc

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVQKNwAAoJEHc+9u9ocWoUnsIQAKd1VnO3efH0JlKQkYCQyZSD
PcJFLg9A+EFHCLnW7LjWFdJN2tX+PgLZGcCk2FdB8bhOOOmf44RjXGGPs2TTMHVH
WwvKKGTWE9TQzkclnEPJkWAwRIr9AwTnTmerSR96K+xaQ7vNP6m23vO1M02SK90w
v0UYWlWqQhxfAPnPK2rsmd4qSe72IdfmUutppdHo5NjZVCOW4bAneaTCZ2EavG4C
+qGV1VNDJfcbct1dvMx6VZ2pP3AASZoPbSoufDj04Kx7SlJnZHM9Wq2f7N5HA6Kr
0O8O/XzZ+DhKYXKAmRUlhUxo4pzhiINmoWlxKDvcxRB13N4g6sv3WAmZC+uuyMpJ
fPDVVt/xFpBcZ57OeS5MzuDcN4yIAleBKmtTweeC+eBPRxWx5O0prT9fzL4K/Xpl
cTy8z0si2XNwoYQgOXM1Ob6FKnlv1TtG9JkTsu2tkLQa3oOFr0l+4JMpt5cE+zxk
1ozCAm76YorwCqKG8hRCkX2E3sbDZR1ReEW+ikQlw1Kh3eA0l/tUTM7x1s4rnDGL
qln19/ecoNKAejivaMCHawNcNs/5IKC7kpzouJ/FF56OaR/PrsW5NYKlr/6RMR7r
LtQ6RHrAdVg7CeQ2ASRqf8FGuqJokDsv4ULZXloYb1eCb0YMLEh7LjDjkgW35+Xj
36EuZyj3svtFXJ5BPUQb
=nNuq
-----END PGP SIGNATURE-----


More information about the security-announce mailing list