[security-announce] Security Update (CVE-2015-4177, CVE-2014-4014, CVE-2014-1739) : Kernel (linux-qoriq 3.12)

Sona Sarmadi sona.sarmadi at enea.com
Wed Feb 10 09:42:00 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq 3.12)
Severity: Medium, High, Low
CVE Name: CVE-2015-4177(Medium), CVE-2014-4014 (High),
CVE-2014-1739 (Low)
Layer: meta-fsl-ppc
=========================================================

This update fixes several vulnerabilities in the Freescale kernel
version 3.12:

kernel-mnt: CVE-2015-4177: Fixes race conditions in collect_mounts
kernel/fs-userns: CVE-2014-4014: possible privilege escalation in
user namespace
drivers-media: CVE-2014-1739: Fixes an information leakage in Linux
kernel built with the Multimedia support(CONFIG_MEDIA_SUPPORT)


Description
===========
CVE-2015-4177
The audit subsystem can call collect_mounts, which if attempting to
audit a mountpoint which is no longer mounted can panic the system.
With this flaw, an unprivileged user could call umount(MNT_DETACH)
to launch a denial-of-service attack.

CVE-2014-4014:
The capabilities implementation in the Linux kernel before 3.14.8 does
not properly consider that namespaces are inapplicable to inodes,
which allows local users to bypass intended chmod restrictions by
first creating a user namespace, as demonstrated by setting the setgid
bit on a file with group ownership of root.

CVE-2014-1739:
The media_device_enum_entities function in
drivers/media/media-device.c in the Linux kernel before 3.14.6 does
not initialize a certain data structure, which allows local users to
obtain sensitive information from kernel memory by leveraging
/dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

References:
===========
http://www.openwall.com/lists/oss-security/2014/06/15/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
http://www.openwall.com/lists/oss-security/2014/06/10/4
http://seclists.org/oss-sec/2015/q2/640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4177

Reference to the upstream fixes:
===============================
kernel-mnt: CVE-2015-4177:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=6ab282fe6d43027b3b1ef820b3798aae8fdb432b

kernel/fs-userns: CVE-2014-4014:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id= 2246a472bce19c0d373fb5488a0e612e3328ce0a

drivers-media: CVE-2014-1739:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=2f1831612c94ee7b1819c4a6d21b9d5efac5297c

Correction for Enea Linux
=========================
kernel-mnt: CVE-2015-4177:
http://git.enea.com/cgit/linux/meta-fsl-ppc.git/patch/?id=cd51ec36f940d7
13057d7727ba0862f5503545f4

kernel/fs-userns: CVE-2014-4014:
http://git.enea.com/cgit/linux/meta-fsl-ppc.git/patch/?id=fa34e4b39a0d27
086a2e797b637d8a1b1df89784

drivers-media: CVE-2014-1739:
http://git.enea.com/cgit/linux/meta-fsl-ppc.git/patch/?id=2e775f75b52ecd
963b842f4b91469f2851a6086b


How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-fsl-ppc
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git

If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWuvfYAAoJEAilI68fskZdyzoH/0oy/0exzpzfYwvE0Ip6a1W2
8ERm5FgaiW5pwkqF/Ddj+aVCsda4D62WO17UMVRiXgB2ibiCUEnTBcwQ7E+lfIt8
GThhG54VJdqSJ1uojoLOuJ/1PycK/QTQHb2wZTBap9uNzKX0TwlANXrs5ArbqM7b
Fv+SXf/eUbwLv1KWZZAN4w4VsiB7b17v43GDGsSPLHfu328S8UB9up4VHGePNXT+
35oJoxYH2TgbHhr32xxu9FXoVy0ZFvFzGJ4P8WtsTTeTedeGuy08rdHIBZkoShJ0
8KDupkcs6Nb8wllK22TQnoIQOoQEko/7tvnTQbQeEjU5PzzKEBOLc/SyiYxx2xw=
=3lYj
-----END PGP SIGNATURE-----



More information about the security-announce mailing list