[security-announce] util-linux: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Jun 3 07:55:03 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: util-linux 2.24.2
Severity: Moderate
CVE Names: CVE-2014-9114 util-linux: command injection flaw in blkid
=========================================================
This security update fixes a command injection flaw in blkid.

The patch and README files are gpg signed by ESRT (Enea Security
Response Team) for verification of origin.
To verify the integrity of the patches, download the ESRT public key from:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14

For detailed info refer to
https://linux.enea.com/5.0-beta-m400/patche/patches/README.asc

Signed patch and README files
=============================
0016-util-linux-CVE-2014-9114.README.asc
0016-util-linux-CVE-2014-9114.patch.asc

Description
===========
util-linux has a command injection flaw in blkid. The exact description
of this vulnerability is reserved.

References:
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114
http://www.openwall.com/lists/oss-security/2014/11/26/13

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget http://linux.enea.com/5.0-beta-m400/Enea-Linux-5.0-beta-m400.tar.gz
tar zxvf Enea-Linux-5.0-beta-m400.tar.gz
<Fetch and apply the existing patches, please refer to
    README file for the individual patch>

 - Fetch and apply the new patch
cd Enea-Linux-5.0-beta-m400/poky
wget http://linux.enea.com/5.0-beta-m400/patches/0016-util-linux-CVE-2014-9114.patch.asc
patch -p1 < ./0016-util-linux-CVE-2014-9114.patch.asc

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com	
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
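
Added example (not part of the Enea advisory and not Enea's tooling): the apply step above feeds the signed .asc file straight to patch, so this sketch first verifies the signature against the ESRT key ID from the advisory and applies only the extracted payload. It assumes the .asc files are clearsigned or armored signed messages rather than detached signatures; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Enea's own tooling. Function names are hypothetical.
# Long key ID taken from the key URL in the advisory. A full fingerprint
# would be a stronger pin, but the advisory does not publish one.
ESRT_KEYID="773EF6EF68716A14"

# Fetch the ESRT key from the keyserver the advisory points to.
import_esrt_key() {
    gpg --keyserver pgp.mit.edu --recv-keys "0x$ESRT_KEYID"
}

# sig_is_from_key STATUS KEYID
# True only if gpg --status-fd output contains a VALIDSIG line whose
# signing-key or primary-key fingerprint ends in KEYID.
sig_is_from_key() {
    printf '%s\n' "$1" | awk -v id="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            n = length(id)
            sub_fpr = toupper(substr($3, length($3) - n + 1))
            pri_fpr = toupper(substr($NF, length($NF) - n + 1))
            if (sub_fpr == toupper(id) || pri_fpr == toupper(id)) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# verify_and_apply FILE.asc   (run from Enea-Linux-5.0-beta-m400/poky)
verify_and_apply() {
    asc=$1
    out=${asc%.asc}
    # Assumption: FILE.asc is a clearsigned/armored signed message, so
    # --decrypt verifies it and writes the original patch bytes to $out.
    status=$(gpg --batch --yes --status-fd 1 --output "$out" \
                 --decrypt "$asc" 2>/dev/null) || { rm -f "$out"; return 1; }
    if ! sig_is_from_key "$status" "$ESRT_KEYID"; then
        echo "refusing $asc: not signed by $ESRT_KEYID" >&2
        rm -f "$out"
        return 1
    fi
    # Dry run first so a failing hunk does not leave a half-patched tree.
    patch -p1 --dry-run < "$out" >/dev/null && patch -p1 < "$out"
}
```

Usage: run import_esrt_key once, then verify_and_apply ./0016-util-linux-CVE-2014-9114.patch.asc from the poky directory.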

