[security-announce] Enea Linux 5.0-arm unzip: Security Update

Tudor Florea tudor.florea at enea.com
Thu Oct 29 14:08:31 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
    Enea Linux Security Advisory

=========================================================
Product/package: Enea Linux 5-0-arm/unzip
Severity: Low
CVE Names: CVE-2015-7696, CVE-2015-7697
Layer: poky
=========================================================

Description
===========
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with
password
CVE-2015-7697: Fixes a denial of service with a file that never finishes
unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5


Correction for Enea Linux
http://git.enea.com/cgit/linux/poky.git/commit/?h=dizzy&id=753ec70905a680f653768572b481f3637b733fdf


How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git;
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQIcBAEBCAAGBQJWMhpNAAoJEAoFCsylVO/Vl6IQAKtLJgZD5W4gkzmtsS63VVWr
BZOxXgWEmtXxNv0exrt6XYUqQJ6BQk1Xcl6bvkhoFNeHLE+Z1x/qVxszBSdTrYjA
Zdys01wJjNNIPZIpPIHXfc/9RBhG3W3JsL0XkiS7KEbNNXfYZm4bQzFchX91F8AD
0EHB8IiD3/Fxb38WL4ZtDBZ23eGqO1de0EQEuuQ3+s2UgO28cXaUWObAj9BHp5G5
6EFFJqVX/L+V/edvRQYRLqJlUFskYsH4tMPSsok6YpJ9UMJjzGb+KS0b/15SLFDI
T7u5yHObklio392K4fJLvFRp/MevubutQILkjQoXNGgNP2k6ThAxaLKNCLU8bzC3
B47P8SOvNnnqkzLTxFatgwtcVtnMhtUJjGkW1lLny+VSrXluiHBy6kfCwW9qIIXO
YwukUsG/U4m8XOiRHmPw+VVY2GhafzFwI1zqzV2o9FYqMSg5j29s3kDpFtsJXmaD
Wac3dvk6Ilv5sm7gs8X0YPoRN6+94+aRnJnu44s7gpKa/9d0eE68pTU/Wpnsaf+k
tGiovJ+dpBHDEujUXDKOV0tBIGQ9RPW/PlXaK2yjq86uuHQnncqWOIai8XxWJ796
SGKoN71CapYanTW4EC8YaOGMUN+uOIA2NPICTFB/zhj2dp2aDRVKLp9DJjoYab/i
ttzmWbpFI5ce3BcHxsqT
=uggs
-----END PGP SIGNATURE-----




More information about the security-announce mailing list