[security-announce] Kernel (linux-yocto 3.14): Security Update

Tudor Florea tudor.florea at enea.com
Sat Nov 7 01:22:05 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
    Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: High
CVE Names: CVE-2015-5364, CVE-2015-5366
Layer: meta-enea
=========================================================

This security patch fixes an incorrect processing of checksums in UDP
implementation

Description:
===========
Under UDP flood processing can loop forever without yielding to other
processes, potentially hanging the host,

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
http://www.openwall.com/lists/oss-security/2015/07/10/3

Correction for Enea Linux
http://git.enea.com/cgit/linux/meta-enea.git/commit/?h=dizzy&id=fbdcccc729c468e927ae1e2a86493834ff0ace2a

How to get the latest patches
=============================
If you have already cloned meta-enea, update it to get new security patches.

cd Enea-Linux-5.0/poky/meta-enea/
git pull

If you have not yet cloned needed repositories, do it as described below.

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git;
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQIcBAEBCAAGBQJWPUQpAAoJEAoFCsylVO/VhpEP/RbgshpLL0l+4ZC6y5PppDvR
/s6gW9Zf+Npzs1ecua0KjdmfkK+qG52yk+YLR6YsmQn5fTQqeJlYuyKSqoXgpXN+
Uuka6HwMqduXBzdIRkKG8iQw/fGD+MCF0hak/kpFrfpFLN9Q95r7OcG+BqsFqdc8
dB/1CG8pGZLd6icMVqUkJulWbuWo9SKXZXnFoa8aEwJJX94s77dlRmoWzutUZAtV
2u/4CMqsy3T+rLiha52AaE9q4fD/RuBUnQgRUN/LznXDgaxnNIcbfgCsMUKf4T+Y
18aCPiHTxYjKBBKCthDks2CAim0RP/4AmXss3Rbde4lu0UNy845uya7AJfDjrDZF
c3QebgDLVkYAxYydYJKrJsgHnw2YGpO5udBaaSDGmxFAGGB5MbfXAwR1/b29Q5NT
W8nZyClgfUnvDF2aQ+9D4LY2fe9HxFdcal1bapXzvHJ9a4JnZfa2uORnNApwkpA7
TDrW6ZYhVnFuQHY3Pjk40B8xuXhp7rqQI/oovnvLNofjXhxbGu2OJr3nNeFIJgAN
02VAl7T72CwEtfaQ0alfU8NWVwbPEOXk92HP7U9pHBelxh163Q6TKWd5STgbRLJD
2d2/xAit74tYBLiZ0DFDcGooHI9Os6GF9jhS17B/UR4H31xW0xZ/sgLAhL+xQ3s3
xHdvs/nHTasIyT9yiiSi
=rOcE
-----END PGP SIGNATURE-----




More information about the security-announce mailing list