[security-announce] Kernel (linux-hierofalcon-4.1 & linux-hierofalcon 3.19): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Nov 13 09:41:37 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package:
kernel (linux-hierofalcon-4.1 & linux-hierofalcon 3.19)
Severity: High
CVE Names: CVE-2015-6937 & CVE-2015-7990
Layer: meta-hierofalcon
=========================================================

This security update fixes following vulnerabilities:

CVE-2015-6937: kernel: NULL pointer dereference in net/rds/connection.c
CVE-2015-7990: Race condition when sending message on unbound socket
causing NULL pointer dereference. (CVE-2015-7990 is a complete fix for
CVE-2015-6937).

Description
===========
CVE-2015-6937
The __rds_conn_create function in net/rds/connection.c in the Linux
kernel through 4.2.3 allows local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have
unspecified other impact by using a socket that was not properly bound.


CVE-2015-7990
A NULL pointer dereference in the RDS connection code when sending a
message to an apparently unbound socket in net/rds/connection.c was
found. The problem is caused by the code checking if the socket is
bound in rds_sendmsg(), which checks the rs_bound_addr field without
taking a lock on the socket.  This opens a race where rs_bound_addr is
temporarily set but where the transport is not in rds_bind(), leading
to a NULL pointer dereference when trying to dereference 'trans' in
__rds_conn_create(). Note that this is a complete fix of CVE-2015-6937
issue.

References:
===========
https://bugzilla.redhat.com/show_bug.cgi?id=1276437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7990
http://seclists.org/oss-sec/2015/q3/545
http://seclists.org/oss-sec/2015/q4/179


Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?
id=74e98eb085889b0d2d4908f59f6e00026063014f
https://lkml.org/lkml/2015/10/16/530

Correction for Enea Linux
=========================
kernel: net: rds: CVE-2015-6937:
http://git.enea.com/cgit/linux/meta-hierofalcon.git/commit/?h=dizzy&id=e
163d6cf5d6a525676f566841d6b898ff0c004fb

kernel: net: rds: CVE-2015-7990:
http://git.enea.com/cgit/linux/meta-hierofalcon.git/commit/?h=dizzy&id=7
52848f86e67d0634c413e097363172f4f18d98b

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWRaJBAAoJEHc+9u9ocWoUoDYQAItrMlJCLoV2MbW2HLiAm00t
tzwd1YItvdkhADd3wY3LqJCjAOmnfjuCuMsfQXA2lFeYuCLq2lpKAWXt5IKcGxQ3
rV5iF+41p1UY0HSW3+bW/YkwUcQYNZWxL51LCPjmQE2KmfU89eTycl2yEbApBcpX
OvihQvbfppv9DGhQmT9Cj+KRZRbp0xHQ0eX+skqm1Y4q/bORyxxMPisiYTg4h1B4
DCangidKFC5G07GCDeGfuR/kyEfe1svJWm1PZyAP/sIMVwGPyD2SibqbFXFqu3EA
dps5ftnYvj08/c8coeI+fIF5fnwS6K+lu9Gq4a2xjZOCmwsz0wGOeoyffqv0VTK0
lcYRjsaLLaS3n9FNg5Lsa70WTnCTam0LpNa6oaLnpZ0OuimN6eBS8Boeyo+vszBt
JF4yoou+os6x25AQ6VlwPRnv2bIlJvsKvVbXrMflkadWLPKuJ2uqNad8UuiLZe0y
IxLMN6wRi9DDjC3f1ZUgfglk+NYAlfDnkttt/LHQBIS0Ejre7uB9d0akmdMdcHXo
GcxFmSYOC7Uc20IcGJtdkanRKx2Z0fSZT+kHENQb8phYpDolmEiHvFAB2P8kDD/e
i5xP154DdePaxK5yABuhhEtDWoBWOHLcx9TFCnhfjQWiQJJbPWEZZ62cND4DOfi5
R3M/cs4zEKXhtVxdRC8Y
=KGqX
-----END PGP SIGNATURE-----



More information about the security-announce mailing list