[security-announce] Kernel (linux-hierofalcon 3.19): Security Update

Tudor Florea tudor.florea at enea.com
Mon Nov 9 02:42:19 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
    Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-hierofalcon 3.19)
Severity: High
CVE Names: CVE-2015-5364, CVE-2015-5366
Layer: meta-hierofalcon
=========================================================

This security patch fixes an incorrect processing of
checksums in UDP implementation

Description:
===========
Under UDP flood processing can loop forever without yielding
to other processes, potentially hanging the host,


References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
http://www.openwall.com/lists/oss-security/2015/07/10/3


Correction for Enea Linux
http://git.enea.com/cgit/linux/meta-hierofalcon.git/commit/?h=dizzy&id=8e23157605049aaf851acdc272e50477b2331fdd

How to get the latest patches
=============================
If you have already cloned meta-hierofalcon, update it to get new
security patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon/
git pull

If you have not yet cloned needed repositories, do it as described below.

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git;
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQIcBAEBCAAGBQJWP/n3AAoJEAoFCsylVO/VvdkQANuRwm0oVcJDYk51mDjzNZtt
1c76Iisf5EVLIsoFavoH+AWsPmPw2K8NJSBDflwkOAEn48KOS+YjxpXzosCGgFME
ZD5RDOrx2n3Tx8i1it5fSOl4oRrwPq0my/UuvGrYg9RBs01sCfK8pQ4lHGKN1Ufq
EKDkScRvcDGUuQ3oFB082P2+xZr/w+b5nFKx67qr6lTrU/eElW8BYPDTPJv1NJAr
iy7ywhCGJPbGKTf9VJYDGYfqnhzFthXOoVU8KzXz7G3PIMBvuCpVtDl5ViualaiV
AhUKah/dXEtNhPuzUc1GCkMZwdTmym9ADo0tzMTjOpUxvA5JnLz/ogbO+5Mu9Zkj
7kq1iDrsElxvQgrUC5+x+osFkCuF3lBVivY5ZPe0f9+8JZJNgHGKiKm0bOL8cqjT
sYFueKyx8wwCnlQOLLqTonsMys4ltYh8PHhwl1Dm6g6GdJzFbplZ4CDqGPuga3B8
paXaMyHeKMpYBbqDNQXL5lnPt4FIYuPMuC58w2j7PXIULLL1Z7cS4R6E5iM1x15D
55sYEF/LRKuDTJuVNk+o2PobAX8DnKPlIS8r4GGj4SM44ou8c9A7UmBOGoTLz6ni
LMJ7WpcRp83wN7TpucbcoV/w3qNqVcNMv8igDGEXkTp9ixf6t5PIffYVlKi5K62p
h6nhqdSZpmSYOIDw966g
=Uewk
-----END PGP SIGNATURE-----




More information about the security-announce mailing list