[security-announce] Kernel (linux-yocto 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Dec 4 11:20:43 CET 2015


	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: Important
CVE Names: CVE-2015-1421
Layer: meta-enea
=========================================================

This security update fixes slab corruption from use after free on INIT
collisions.

Description
===========
Use-after-free vulnerability in the sctp_assoc_update function in
net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote
attackers to cause a denial of service (slab corruption and panic) or
possibly have unspecified other impact by triggering an INIT collision
that leads to improper handling of shared-key data.


References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=43e39c2f63240f67a67b4060882f67dac1a6f339

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=989d7ad1335bf9473db75b94b58d7036619be5d0


How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned the needed repositories, do so as described
below (security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
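
One way to confirm that a meta-enea checkout contains the Enea correction after following the update steps in the advisory. This is an added example, not part of the original advisory or of Enea's tooling; the function name has_fix and its return codes are assumptions of this example, and the commit id is the one in the "Correction for Enea Linux" link.

```shell
#!/bin/sh
# Added example: check whether a meta-enea clone contains the fix commit
# referenced by this advisory (CVE-2015-1421).

# Commit id copied from the "Correction for Enea Linux" link above.
FIX_COMMIT=989d7ad1335bf9473db75b94b58d7036619be5d0

# has_fix REPO_DIR [COMMIT]
# Return codes (a convention of this example, not of git or Enea):
#   0  the commit is reachable from HEAD: the checked-out history has the patch
#   1  the commit object exists locally but is not an ancestor of HEAD
#      (fetched, but the current branch has not been moved forward to it)
#   2  the commit object is unknown to this clone (update with "git pull")
#   3  REPO_DIR is not a git work tree
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    # Fail early if the path is missing or is not a git checkout.
    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 3

    # Is the commit object present in the local object database at all?
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2

    # Is it part of the history that is currently checked out?
    git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || return 1

    return 0
}

# report_fix REPO_DIR [COMMIT]: human-readable wrapper around has_fix.
report_fix() {
    rc=0
    has_fix "$@" || rc=$?
    case $rc in
        0) echo "$1: fix commit is in the checked-out history" ;;
        1) echo "$1: fix commit fetched but not part of HEAD" ;;
        2) echo "$1: fix commit not present, update the clone" ;;
        3) echo "$1: not a git work tree" ;;
    esac
    return $rc
}
```

Call it as `report_fix Enea-Linux-5.0/poky/meta-enea`. A result of 0 only shows that the layer carries the patch; the kernel still has to be rebuilt and deployed for the running system to be fixed.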


