[security-announce] Kernel (linux-yocto 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Mon Dec 14 14:48:00 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: Medium
CVE Names: CVE-2015-3339
Layer: meta-enea
=========================================================

This security update fixes a race condition between the chown() and
execve() system calls in linux-yocto 3.14.

Description
===========
Race condition in the prepare_binprm function in fs/exec.c in
the Linux kernel before 3.19.6 allows local users to gain
privileges by executing a setuid program at a time instant
when a chown to root is in progress, and the ownership is
changed but the setuid bit is not yet stripped.


References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=de70236fbe30749fb8c317088c16a97e700fe232


Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=6139644280195f8fb7d59b713f3d226a84b21665

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned the needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy \
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy \
git://git.enea.com/linux/meta-enea/meta-vt.git
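
After updating or cloning, the following check confirms that the meta-enea checkout contains the correction commit. It is an added example, not part of the Enea advisory: the commit id is taken from the "Correction for Enea Linux" link above, and the function names and exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a meta-enea checkout contains the Enea
# correction for CVE-2015-3339. FIX_COMMIT is the id from the advisory's
# "Correction for Enea Linux" link; function names and exit codes are
# assumptions made for this example.

FIX_COMMIT=6139644280195f8fb7d59b713f3d226a84b21665

# check_fix DIR [COMMIT]
#   0 = COMMIT is HEAD or an ancestor of HEAD: the fix is checked out
#   1 = COMMIT is missing locally, or present but not in HEAD's history
#   2 = DIR is not a usable git work tree (or git is not installed)
check_fix() {
    dir=$1
    commit=${2:-$FIX_COMMIT}

    # Reject anything that is not a git work tree before asking about commits.
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 2

    # The commit object must exist locally; a stale clone will not have it.
    git -C "$dir" cat-file -e "${commit}^{commit}" 2>/dev/null || return 1

    # Existing in the object store is not enough: the commit must be
    # reachable from HEAD, otherwise the layer being built lacks the patch.
    git -C "$dir" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || return 1
    return 0
}

# Human-readable wrapper; the default path is the one used in the advisory.
report_fix() {
    dir=${1:-Enea-Linux-5.0/poky/meta-enea}
    rc=0
    check_fix "$dir" || rc=$?
    case $rc in
        0) echo "$dir: CVE-2015-3339 correction present" ;;
        1) echo "$dir: correction NOT in HEAD history, run 'git pull'" ;;
        *) echo "$dir: not a git checkout" ;;
    esac
    return "$rc"
}
```

Source the file and run `report_fix` from the directory that holds Enea-Linux-5.0. A zero result covers the layer only; the kernel must still be rebuilt and deployed before a target is fixed.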


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----


