[security-announce] Kernel (linux-yocto 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Wed Dec 30 08:56:56 CET 2015



		Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: Low
CVE Name: CVE-2015-5697
Layer: meta-enea
=========================================================

This patch fixes a cross-boundary flaw in the Linux kernel software
raid driver. An attacker could use this flaw to read private
information from user space that would not otherwise have been
accessible.

Description
===========
The get_bitmap_file function in drivers/md/md.c in the Linux kernel
before 4.1.6 does not initialize a certain bitmap data structure,
which allows local users to obtain sensitive information from kernel
memory via a GET_BITMAP_FILE ioctl call.
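
The bug class described above, as an added example that is not part of
the advisory or of the kernel source: a user-space C model of a handler
that copies a whole heap object to its caller after writing only the
first byte, next to the same handler using a zeroing allocation. The
names bitmap_reply, heap_chunk, previous_owner, get_bitmap_file_model
and leaked_bytes, the 64-byte size and the stale string are constructed
for illustration; that the handler writes only the first byte is an
assumption of this model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_LEN 64 /* constructed size for this model */

/* Hypothetical stand-in for the structure copied back to the ioctl caller. */
struct bitmap_reply { char pathname[PATH_LEN]; };

/* One recycled heap object: whatever its last owner wrote is still there. */
static struct bitmap_reply heap_chunk;
static const char STALE[] = "Xsession-key=0123456789abcdef"; /* constructed */

static void previous_owner(void)
{
    memset(&heap_chunk, 0, sizeof heap_chunk);
    memcpy(&heap_chunk, STALE, sizeof STALE);
}

/* Model of the handler when no bitmap file is configured (assumption).
 * zero_alloc == 0: non-zeroing allocation; != 0: zeroing allocation,
 * as an allocator such as kzalloc() would provide. */
static void get_bitmap_file_model(int zero_alloc, unsigned char *user_buf)
{
    struct bitmap_reply *file = &heap_chunk;
    if (zero_alloc)
        memset(file, 0, sizeof *file);
    file->pathname[0] = '\0';             /* the only byte the handler sets */
    memcpy(user_buf, file, sizeof *file); /* stands in for copy_to_user() */
}

/* Count non-zero reply bytes the handler never wrote: stale heap content. */
size_t leaked_bytes(int zero_alloc)
{
    unsigned char user_buf[sizeof(struct bitmap_reply)];
    size_t n = 0;
    previous_owner();
    get_bitmap_file_model(zero_alloc, user_buf);
    for (size_t i = 1; i < sizeof user_buf; i++)
        n += (user_buf[i] != 0);
    return n;
}

int main(void)
{
    printf("non-zeroing: %zu stale bytes reach the caller\n", leaked_bytes(0));
    printf("zeroing:     %zu stale bytes reach the caller\n", leaked_bytes(1));
    return 0;
}
```

The same review check applies to any handler that copies a fixed-size
object out to user space: every byte of the object must be written or
zeroed before the copy, not only the fields the caller is expected to
read.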

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5697
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5697
http://www.openwall.com/lists/oss-security/2015/07/28/2


Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=adbbaa36dd55ff0bde07391d898779760b5206df


Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=cc381727c4a4c38cc0697c8f96b6e36e670c2cb7

How to get the latest patches
=============================
- If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- If you have not yet cloned the needed repositories, do so as described
below. (Security patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy \
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy \
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com