[security-announce] Kernel (linux-hierofalcon-4.1 & linux-hierofalcon 3.19): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Wed Dec 30 14:55:34 CET 2015



	Enea Linux Security Advisory

=========================================================
Product/package: (linux-hierofalcon-4.1 & linux-hierofalcon 3.19)
Severity: Low
CVE Name: CVE-2015-5697 information leak in md driver
Layer: meta-hierofalcon
=========================================================

This security update fixes an information leak in the md driver
of the Linux kernel.

Description
===========
The get_bitmap_file function in drivers/md/md.c in the Linux kernel
before 4.1.6 does not initialize a certain bitmap data structure,
which allows local users to obtain sensitive information from kernel
memory via a GET_BITMAP_FILE ioctl call.
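
The pattern described above, as an added user-space illustration (not part of the Enea advisory and not kernel code): a handler writes one byte of a reply structure and then copies the whole structure out. The structure layout, the allocator stand-ins alloc_raw/alloc_zeroed and the simulated stale heap are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the structure returned to the caller: one path buffer. */
#define PATH_LEN 4096
struct bitmap_file { char pathname[PATH_LEN]; };

/* Constructed "stale heap": earlier data left in memory that gets reused. */
static struct bitmap_file stale_heap;
static void dirty_heap(void) { memset(&stale_heap, 'S', sizeof stale_heap); }

/* Hypothetical allocators: alloc_raw hands back memory with its old contents,
 * alloc_zeroed clears it first. */
static struct bitmap_file *alloc_raw(void) { return &stale_heap; }
static struct bitmap_file *alloc_zeroed(void) {
    memset(&stale_heap, 0, sizeof stale_heap);
    return &stale_heap;
}

/* "No bitmap file configured" case: only the first byte is written, yet the
 * whole structure is copied to the caller (memcpy models the copy to user). */
static void get_bitmap_file_sim(struct bitmap_file *(*alloc)(void),
                                struct bitmap_file *user_out) {
    struct bitmap_file *file = alloc();
    file->pathname[0] = '\0';
    memcpy(user_out, file, sizeof *file);
}

/* Count bytes after the string terminator that still hold stale data. */
static size_t leaked_bytes(const struct bitmap_file *out) {
    size_t n = 0;
    for (size_t i = 1; i < PATH_LEN; i++)
        if (out->pathname[i] != 0) n++;
    return n;
}

/* Run one scenario: dirty the heap, call the handler, measure the leak. */
static size_t run(struct bitmap_file *(*alloc)(void)) {
    struct bitmap_file out;
    dirty_heap();
    get_bitmap_file_sim(alloc, &out);
    return leaked_bytes(&out);
}

int main(void) {
    printf("raw allocation:    %zu stale bytes returned\n", run(alloc_raw));
    printf("zeroed allocation: %zu stale bytes returned\n", run(alloc_zeroed));
    return 0;
}
```

Zeroing the structure before filling it in (or copying out only the bytes that were written) removes the leak without changing what a well-behaved caller sees.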

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5697


Upstream/original fix:
======================
4.1 kernel:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=33afeac21b9cb79ad8fc5caf239af89c79e25e1e

3.19 kernel (from stable kernel.3.18):
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=e46e18eb387767fa26356417210ef41d0855ef1e

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=14f970ed68973debdeaae73a8e2bffb5d7da572e

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

 - If you have not yet cloned the needed repositories, clone them as
described below. (Security patches are fetched implicitly when cloning
the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C "$POKY" clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C "$POKY/meta-enea" clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com


