[meta-freescale] Updates of meta-fsl-ppc master branch on 2015-02-03
zhenhua.luo at freescale.com
Mon Feb 2 22:53:23 PST 2015
Hello all,
The following updates have been merged into the dizzy branch of meta-fsl-ppc, thanks.
commit 5eeeb3ad74b72d904f805bc6e248e93e722b45c4
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 14:04:11 2015 +0100
sctp: CVE-2014-7841
NULL pointer dereference in af->from_addr_param on malformed packet
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit d063ec68425094eebf2e5d50e8f410456a8f5143
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 14:04:10 2015 +0100
sctp: CVE-2014-4667
sk_ack_backlog wrap-around problem
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit 11517177c55782761a22a6daab4e1569ebf0ef13
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 14:04:09 2015 +0100
ALSA: CVE-2014-4652 CVE-2014-4653
CVE-2014-4652
Protect user controls against concurrent access
CVE-2014-4653
Don't access controls outside of protected regions
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit b1c283c5cd6fab215fd0415fe44828518f87a693
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 14:04:08 2015 +0100
kernel-auditsc: CVE-2014-3917
audit_krule mask accesses need bounds checking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit 60e5148ce3f0098db100b08b70dc5e20154a8116
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 14:04:07 2015 +0100
net-sctp: CVE-2014-3673, CVE-2014-3687, CVE-2014-3688
CVE-2014-3673
skb_over_panic when receiving malformed ASCONF chunks
Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.")
CVE-2014-3687
panic on duplicate ASCONF chunks
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
CVE-2014-3688
remote memory pressure from excessive queueing
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://www.openwall.com/lists/oss-security/2014/11/13/8
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit cea3ea75de5952985a87c0039120373c20e5ed40
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 10:22:10 2015 +0100
kvm-iommu: CVE-2014-3601, CVE-2014-8369
CVE-2014-3601
Fixes the third parameter of kvm_iommu_put_pages
The third parameter of kvm_iommu_put_pages is wrong;
it should be 'gfn - slot->base_gfn'.
CVE-2014-8369
Fixes excessive pages un-pinning in kvm_iommu_map error path.
(This vulnerability exists because of an incorrect fix for CVE-2014-3601)
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369
https://bugzilla.redhat.com/show_bug.cgi?id=1156518
https://lkml.org/lkml/2014/10/24/460
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit a55ff86fcdd7210bf21162af4c5cb679d871cf4a
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 09:10:42 2015 +0100
Kernel-HID/USB: multiple CVEs
CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver
CVE-2014-3182 Kernel: HID: logitech-dj OOB array access
CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines
CVE-2014-3185 Kernel: USB serial: memory corruption flaw
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
commit c7f20f8cdaf31b490d6d9065d791907e04a24e8f
Author: Sona Sarmadi <sona.sarmadi at enea.com>
Date: Tue Jan 27 09:09:30 2015 +0100
net-sctp: CVE-2014-0101
Fixes null pointer dereference when processing authenticated cookie_echo chunk
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101
https://bugzilla.redhat.com/show_bug.cgi?id=1070705
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f9
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
Best Regards,
Zhenhua