[security-announce] Kernel (linux-hierofalcon 3.19): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Wed Dec 30 14:53:21 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-hierofalcon 3.19)
Severity: Medium
CVE Name: CVE-2015-5706 fix double fput()
Layer: meta-hierofalcon
=========================================================

This patch fixes use-after-free vulnerability in the path_openat
function in fs/namei.c.

Description
===========
Use-after-free vulnerability in the path_openat function in fs/namei.c
in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to
cause a denial of service or possibly have unspecified other impact
via O_TMPFILE filesystem operations that leverage a duplicate cleanup
operation.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5706
CVE assignment: http://seclists.org/oss-sec/2015/q3/270

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/pat
ch/?id=f15133df088ecadd141ea1907f2c96df67c729f0

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=46cbdbcd69
c5da4801506a1bb472d683b1163ea9

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b
dizzygit://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWg+HQAAoJEHc+9u9ocWoUHZcP/0GrSKjtVZMox3Z6tnXojd/U
lB1NeLShKfeF+7WAlbsKc9Q0x/zLOPPUWcl+ZvgtnlC3kjkSWZZZRzoCJ5jRuJNa
nXG7vjMM0RfWiQ0Db2o6jPql7MpFEaxZRh5SrL6Dzlp7J3BCzYMdmDXlwr6hAfwh
QEQOAZrPhcBKuSghLWKtSr2+fHAK2eVtZEGpYJQT0UMXFvCLTrLOsPtDMiWuVyCh
50xnh44Eyotu98/YBPgbfl/L4GG0Pc2WOsTopSVfYg8YvGYvNBq7O5ZBq+1VS8CF
Ae/z63j99BH14w5yXJ+yWYZcMxwQlK6cuXcB+qewA8eskIk4DbAVSnD7f9EJDurA
sntAnHKBSJG61ax8IQbujo7y8j7pztQwb0Bg0g8nYXClMqF9YoCBqThPBUfZEMDB
Hgx7OFo9SJSCqEumU50B+25+AyiB0RW6hAAJIqg6qisoFC2EQXwxwCBwT7msX5U+
Ek317xu9FtBWU6WZZx1/VhJqI+viWGGr1Z9lgjd8eFFtxtoJqJewNBl8lME74We+
MwAqcGVG5aauybzg+plyw5KPTkTRxRKwEi7EHy+9csLVvC528vsnLzDcVMqhvs7V
VecI8JFqI4ud2q4MbBG3lcQEUmdzLHF350QSxbJm/od72HNNFw1iJYgFODh5IyVW
xSGbUCQRDTHqk90eGUA3
=5z+i
-----END PGP SIGNATURE-----



More information about the security-announce mailing list