[security-announce] Kernel (linux-hierofalcon-4.1): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Thu Oct 22 13:46:23 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

		Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-hierofalcon-4.1)
Severity: Medium
CVE Names: CVECVE-2015-1333
Layer: meta-hierofalcon
=========================================================

This security update fixes denial of service due to memory
leak in add_key().


Description
===========
Memory leak in the __key_link_end function in
security/keys/keyring.c in the Linux kernel before 4.1.4
allows local users to cause a denial of service (memory
consumption) via many add_key system calls that refer to
existing keys.

References:
http://www.openwall.com/lists/oss-security/2015/07/27/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1333

Upstream/original fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/
linux-stable.git/commit/?id=4fd5dc9eece297f49f16f82422ead3a28b11ea70

Correction for Enea Linux
http://git.enea.com/cgit/linux/meta-hierofalcon.git/commit/?h=dizzy&id=7
7050ff91f7d3760e89ececb258929ac8ac67396


How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-enea.git;
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-
vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWKMyPAAoJEHc+9u9ocWoUGl4P/RoNNt7kt4Gj1gPA0wwL9VUN
W/rp/i+vUscDyHcMa9hgFA+nfJdi+2M78Ve09uG2iCXyp4Jhmzq93yfQbTOodoGk
tbbxX+ca8A31IfirJighrUQ1r6x8p6vS9wnbFXbuAq0ycZtb/NzK8jscQamCemJj
wDyWnpMgHiunm/HQfTCiYDBTPfT4cUDGlKpdiEI/8uGAyeR1KvNgso/aHTefqeC9
HsqYi0inXpE/npEjZS+d0hmE29MlpVUjEhi+DFYbuwys6ti6cTy2mS1Ni6JUiAkR
z2B80K3uiPZpRZU5ehB9CNNiEDi8/1N9dg+bCfwtSSCiSU9y3jsLhwNi4shnbYxd
ZDDq10Eb/Zw4OmW3KHaev7WDnOQFSZHgnqX0v6ysrvPYdWfzdtJUOBRf6BrxzGkd
ZNNT5zsE7wdV7viw9m1drAEQJFwY4po7GCCIg4ybwlQ9HcpgdgzHqsNBJiKnQm8g
jIS3w1M6ucGq6hFRj9CzES53NO2WHQOvLzPxtzL0jeDx/2ClVjrNtLr02z1IBtsp
6oy28KxVbqG2x9hTRvGx4oX86CEWwBDjpADjwVpPKbTTsYudhOdTZvPYf5wuht6G
OnOkJfnzfT7Y54O+8xHVKSEtgsBePqDf1yxmm3e2YDfp0IenJqK+2/kYSuEOJDqW
0mCZr6BYbLgx/x3bzxNF
=VA/H
-----END PGP SIGNATURE-----



More information about the security-announce mailing list