[security-announce] Kernel (linux-yocto 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Wed Dec 30 08:47:38 CET 2015


	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: Medium
CVE Name: CVE-2015-5706 fix double fput()
Layer: meta-enea
=========================================================

This patch fixes a use-after-free vulnerability in the path_openat
function in fs/namei.c.

Description
===========
Use-after-free vulnerability in the path_openat function in fs/namei.c
in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to
cause a denial of service or possibly have unspecified other impact
via O_TMPFILE filesystem operations that leverage a duplicate cleanup
operation.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5706
CVE assignment: http://seclists.org/oss-sec/2015/q3/270

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=88b4f377466cb673777d27693acf70108a908106


Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=af15989919f43e13e027fb698f5fefe4c73eb8de

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned the needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy \
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy \
git://git.enea.com/linux/meta-enea/meta-vt.git
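
After pulling or cloning, it is worth confirming that the checkout really contains the correction. The following is an added example, not part of the Enea advisory: it checks whether the commit id from the "Correction for Enea Linux" link is reachable from HEAD of a meta-enea checkout. The helper name fix_status is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a meta-enea
# checkout contains the commit that carries the CVE-2015-5706 fix.

# Commit id taken from the "Correction for Enea Linux" link above.
FIX_COMMIT=af15989919f43e13e027fb698f5fefe4c73eb8de

# fix_status REPO [COMMIT]   (hypothetical helper name)
# Prints exactly one word:
#   present      COMMIT is HEAD or an ancestor of HEAD
#   not-on-head  COMMIT is in the object store, but HEAD does not include it
#                (for example, a different branch is checked out)
#   missing      COMMIT is not in the repository at all (not fetched yet)
#   not-a-repo   REPO is not a git repository
fix_status() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo not-a-repo
        return 0
    fi
    # cat-file -e exits non-zero when the object does not exist locally.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo missing
        return 0
    fi
    # merge-base --is-ancestor exits 0 only if COMMIT is reachable from HEAD.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        echo present
    else
        echo not-on-head
    fi
}

# When run with a path argument, report the status for that checkout, e.g.
#   sh check-fix.sh Enea-Linux-5.0/poky/meta-enea
if [ $# -gt 0 ]; then
    fix_status "$1"
fi
```

A result of "missing" means the repository has not been updated since the fix was published; "not-on-head" means the fix was fetched but the checked-out branch does not include it.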


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com


