[security-announce] Kernel (linux-yocto 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Nov 20 19:56:55 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package:
kernel (linux-yocto 3.14)
Severity: Low
CVE Names: CVE-2015-2041
Layer: meta-enea
=========================================================

This security update fixes information leak in llc2_timeout_table.

Description
===========
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an
incorrect data type in a sysctl table, which allows local users to
obtain potentially sensitive information from kernel memory or
possibly have unspecified other impact by accessing a sysctl entry.

References:
http://www.openwall.com/lists/oss-security/2015/02/20/19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=ecca64226ce2960280921e09ae33e90f82b5c408

Correction for Enea Linux
=========================
kernel: net: CVE-2015-2041:
http://git.enea.com/cgit/linux/meta-enea.git/commit/?h=dizzy&id=b0353049
2a27f14a49010d411e9b8d753b7fe48a


How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWT2z3AAoJEHc+9u9ocWoUXVwQAKo6IYe+RvTsqq5gro5/GY/2
F3rwPpxnzXsGFALLME7xWoS2ODfwrQOwLbihtz8xjMVDHI0hSE2+5OLSgsbdNfTx
q+pioXjojygXnNI6yCChiB6zh/nI211jlN0Z+olRClJddZDzuLqqF6/62Wzu4NJ9
MrQz8lsg3mDYlOe0w53UAbYdtdEeFdUvIFOv0188kb+fFPpd2nql9z4GBjuMaoAQ
iQs2Egqnv3MP4AbVmIYi3WNdDMp9dooPuahYq63GLxZhqUZZ6TwjJePLmPdXXhoS
rX5jdr66IOjtfwQcnlXr/2/LZUQlGv17fYHjeeEiazoIus0M8FXsHbrmahRvZcYP
/vvw2EhlyM9kkHDkpJiBhQWif36xgQ36i/M1Hs8q+Tof1Wun/YuG355q9HUfEThr
X0ndmkY0YlZ+y/2Sn//WCiH4zkXTqIU5/rsxNGfU9uuoI6aaf/8G9NBKjOO4JaEd
oPxaKRPPigaUA/r+h6evW9C5FzzX+o/13qFsB3LZofDAeS2ojlrawgYBLUwLWAEG
IJk19+samrEypEDVqZj9sW2PDSLae6jBmVSSsbudzGVjZuXy72K0kAWJZokUwIAv
zAmGx0iWYMoRv7Lcs6+J7SXDu1LK90ulbrWqNUg1n+MJ7LxGXzYwW0gJA188frny
SqckK9v9pvck/cHBeOCK
=dH0z
-----END PGP SIGNATURE-----



More information about the security-announce mailing list