[security-announce] Security Update: linux-qoriq-3.1: CVE-2016-3156

Sona Sarmadi sona.sarmadi at enea.com
Fri Apr 22 08:03:18 CEST 2016


	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq-3.12) /Enea Linux 5.0
Severity: Medium
CVE Name: CVE-2016-3156
Layer: meta-enea
=========================================================

This security update fixes denial of service when destroying a
network interface.

Description
===========
Destroy of network interface with huge number of ipv4 addresses
keeps rtnl_lock for a very long time (up to hour).
It blocks many network related operations, including for example
creation of new incoming ssh connections.

The problem is especially important for containers,
container owner have enough permission to enable this trigger
and then can block network access on whole host node.

Reference:
===========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3156

Reference to the upstream fixes:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=5cc4ff312ac06ee4c49801f5b288c1118c3e5785

Correction for Enea Linux:
==========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=1b7f083c0f10c48754c07c49e207746f54ac402e

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security atches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160422/898be199/attachment-0002.sig>


More information about the security-announce mailing list