[security-announce] Kernel (linux-qoriq 3.12): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Dec 4 11:15:57 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq - 3.12)
Severity: Important
CVE Names: CVE-2015-1421
Layer: meta-enea
=========================================================

This security update fixes slab corruption from use after free on INIT
collisions.

Description
===========
Use-after-free vulnerability in the sctp_assoc_update function in
net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote
attackers to cause a denial of service (slab corruption and panic) or
possibly have unspecified other impact by triggering an INIT collision
that leads to improper handling of shared-key data.


References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=43e39c2f63240f67a67b4060882f67dac1a6f339

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=fb6a465c392827d23c84aff644d7dd1856d59218

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned the needed repositories, do so as described
below. (Security patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/\
meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
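
To confirm that a meta-enea checkout updated as described above actually contains the Enea correction, the check below tests whether the commit id from the "Correction for Enea Linux" URL is reachable from HEAD. It is an added example, not part of the advisory or of Enea's tooling; the function names `has_fix` and `report_fix` are hypothetical, and it assumes the `id=` value in that URL is the fix commit on the branch you have checked out.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that a meta-enea checkout
# contains the CVE-2015-1421 correction commit.

# Commit id taken from the "Correction for Enea Linux" patch URL above.
FIX_COMMIT=fb6a465c392827d23c84aff644d7dd1856d59218

# has_fix REPO_DIR [COMMIT]   (hypothetical helper)
# Returns 0 if COMMIT is in the history of HEAD,
#         1 if it is not (run "git pull" in the checkout),
#         2 if REPO_DIR is not a git work tree.
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 2

    # Commit object absent locally: the fix has not been fetched yet.
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 1

    # Object present; it only counts if the checked-out history includes it.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        return 0
    fi
    return 1
}

# report_fix REPO_DIR [COMMIT]   (hypothetical helper)
# Prints a one-line verdict, e.g.: report_fix Enea-Linux-5.0/poky/meta-enea
report_fix() {
    rc=0
    has_fix "$1" "${2:-$FIX_COMMIT}" || rc=$?
    case $rc in
        0) echo "fix present" ;;
        1) echo "fix missing" ;;
        *) echo "not a git checkout" ;;
    esac
}
```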


