[security-announce] Security Update: linux-hierofalcon 3.1 &, linux-hierofalcon 4.1: CVE-2015-8374

Sona Sarmadi sona.sarmadi at enea.com
Thu Apr 7 09:19:08 CEST 2016

	Enea Linux Security Advisory

Product/package: kernel (linux-hierofalcon 3.19 /
linux-hierofalcon 4.1) /Enea Linux 5.0
Severity: Medium
CVE Name: CVE-2015-8374
Layer: meta-hierofalcon

This update fixes an information-leak vulnerability in the kernel when
it truncated a file to a smaller size which consisted of an inline
extent that was compressed. A caller of the clone ioctl could exploit
this flaw by using only standard file-system operations without root
access to read the truncated data.

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles
compressed inline extents, which allows local users to obtain
sensitive pre-truncation information from a file via a clone action.


Reference to the upstream fixes:

Correction for Enea Linux

How to get the latest patches
- If you have already cloned needed repositories, update it to get new
security atches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
git -C $POKY clone -b dizzy
git -C $POKY/meta-enea clone -b dizzy

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160407/60775d63/attachment-0002.sig>

More information about the security-announce mailing list