[security-announce] Kernel (linux-yoct 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Oct 23 08:57:26 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: Medium
CVE Names: CVECVE-2015-1333
Layer: meta-enea
=========================================================

This security update fixes denial of service due to memory
leak in add_key().


Description
===========
Memory leak in the __key_link_end function in
security/keys/keyring.c in the Linux kernel before 4.1.4
allows local users to cause a denial of service (memory
consumption) via many add_key system calls that refer to
existing keys.

References:
http://www.openwall.com/lists/oss-security/2015/07/27/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1333

Upstream/original fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/
linux-stable.git/commit/?id=4fd5dc9eece297f49f16f82422ead3a28b11ea70

Correction for Enea Linux
http://git.enea.com/cgit/linux/meta-enea.git/commit/?h=dizzy&id=eed885c9
afee7c93efa559df9336eb7ff7390e2c


How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-enea.git;
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-
vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWKdpWAAoJEHc+9u9ocWoUCCUP/3Zn6/x4Sp+rjY8ggA0hMKpe
rGqKPb4X54Ha+qdwZfR/Qp1wUmP2m2GGXrUqKfVNv9fWNINZJ18/lj1Rn8diRHZa
tfgC0w05OayXzoeF8c2SavwfqgDXTtTvs1iyAuyo7PpZjvEStnPrcEiDXnf4A428
bz7O34Zp9Mx7EdoyArPqK2/F4fVhe0OJPslcO3SVnkJcNMo6JXNM4YIhz6czbQE/
4D4Bd8QlxsDWzZiezGHcVh7VJPheV1vMo9saoywjwJZAOgl3PWiYhNrzLpQFKxi3
o527NM79SQZomnJrKWwHKYbKxQdkPaAr5WuLlFYzVM6H4eUQNe38DdURUDAu7xvB
dBXpsc/f4rhMif0Xcf7ZWGAUKy9zO+hIGW6yR3dopGyYHMHfdSnPTOfISkxcnXo8
r7vDiDLx/dx37f2iBVQDRq4m06bJnTbbBn4gLv2qX2RkgMvRSC2WPXkZX72cJqR8
8znSs49sZxuP/dNqiYQqlAQlMxkKYR3CXkDlTofSLi9ch1/ei0pEX1tKWj/cGgE/
opavp1god7uyqsTx9xhEid0RlsL/0d/WvmvCIyYpApF1ADiGRtEu8Boww87Cu+HU
hl4CiAov35R8eZbgGTM/PxCE9rSlHefJ3T+8qEAqdX4MfU/1KLZSMcmkYWOCcAVz
Eq/cyGHXxBaVQhcP6X9E
=Kys/
-----END PGP SIGNATURE-----



More information about the security-announce mailing list