[security-announce] Security Update (CVE-2014-9420, CVE-2015-5364, CVE-2015-5366, CVE-2015-2041) : Kernel (linux-qoriq 3.12)

Sona Sarmadi sona.sarmadi at enea.com
Tue Feb 9 12:35:59 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq 3.12)
Severity: Low, High, High, Low
CVE Name: CVE-2014-9420 (Low), CVE-2015-5364(High),
CVE-2015-5366 (High), CVE-2015-2041 (Low)
Layer: meta-fsl-ppc
=========================================================

This update fixes several vulnerabilities in the Freescale kernel
version 3.12:

fs-isofs: CVE-2014-9420: Fixes infinite loop in CE record entries
kernel-udp: CVE-2015-5364, CVE-2015-5366: Fixes incorrect processing of
checksums in UDP implementation
net: CVE-2015-2041:  Fixes information leak in llc2_timeout_table.


Description
===========
fs-isofs: CVE-2014-9420
The rock_continue function in fs/isofs/rock.c in the Linux kernel
through 3.18.1 does not restrict the number of Rock Ridge continuation
entries, which allows local users to cause a denial of service (infinite
loop, and system crash or hang) via a crafted iso9660 image.

kernel-udp: CVE-2015-5364
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel
before 4.0.6 do not properly consider yielding a processor, which allows
remote attackers to cause a denial of service (system hang) via
incorrect checksums within a UDP packet flood.

kernel-udp: CVE-2015-5366
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel
before 4.0.6 provide inappropriate -EAGAIN return values, which allows
remote attackers to cause a denial of service (EPOLLET epoll application
read outage) via an incorrect checksum in a UDP packet, a different
vulnerability than CVE-2015-5364.

net: CVE-2015-2041
The rock_continue function in fs/isofs/rock.c in the Linux kernel
through 3.18.1 does not restrict the number of Rock Ridge continuation
entries, which allows local users to cause a denial of service (infinite
loop, and system crash or hang) via a crafted iso9660 image.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2015-5366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420

Reference to the upstream fixes:
===============================
fs-isofs: CVE-2014-9420
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=1fe5620fcd6c2f0a4a927ee10c8e53196da392f3

kernel-udp: CVE-2015-5364, CVE-2015-5366
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=a97b54dd69cb05df4c57f5d5b40c761f7835ce4e

net: CVE-2015-2041
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/pat
ch/?id=553dd569ff29bc38cebbf9f9dd7c791863ee9113

Correction for Enea Linux
=========================
fs-isofs: CVE-2014-9420:
http://git.enea.com/cgit/linux/meta-fsl-ppc.git/patch/?id=b97bb0c7e61223
260f7b4ac7b754bd437186361a

kernel-udp: CVE-2015-5364, CVE-2015-5366
http://git.enea.com/cgit/linux/meta-fsl-ppc.git/patch/?id=945103b85c6c82
89722ca31dcd7c137e77b87186

net: CVE-2015-2041
http://git.enea.com/cgit/linux/meta-fsl-ppc.git/patch/?id=ebec07b828fd54
67285dfc068fca0f5d8e28b89a

How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-fsl-ppc
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWuc8fAAoJEAilI68fskZd5GQH/30KKonUHnsFF1ANaClXdCo1
jwd1GBiD86z8mgGaGQVjv/2ntS6P+57mbqthWdolS5yagCJlxdCTCin66V2vhBMu
YN2jClgpRN5/4QA2eE5f8wwsauMRYde+8YgxL4nt/+27JJ0atjJdUzZSS34PLycM
bBQADCGWERO2qblf68wsH97sUSY6ndAglPOQl9K7R4Ob9hifxed0UdOLdr6HiWFI
bYAOs90nrlWF7u7TOkqXdOXKglUrb0kdidOpIPf9oRufq5PeHPpx4t+VVuFALW4j
vUMHp1pnTC4KRXOE7c1Khk9WI3UOpnP9sZoAta/Nr0f5doywWPOxeK7DguWeSYc=
=n/EN
-----END PGP SIGNATURE-----



More information about the security-announce mailing list