[security-announce] Security Update: linux-ls1_3.12 : CVE-2015-8569

Sona Sarmadi sona.sarmadi at enea.com
Tue Aug 2 12:05:40 CEST 2016


	Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: kernel (linux-ls1_3.12)
Severity: Low
Arch: ARM
CVE Name: CVE-2015-8569
====================================================================

This security update fixes an out-of-bounds flaw which was found in the
kernel, where the length of the sockaddr parameter was not checked in
the pptp_bind() and pptp_connect() functions. As a result, more kernel
memory was copied out than required, leaking information from the kernel
stack (including kernel addresses). A local system user could exploit
this flaw to bypass kernel ASLR or leak other information.


Description
===========
The (1) pptp_bind and (2) pptp_connect functions in
drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify
an address length, which allows local users to obtain sensitive
information from kernel memory and bypass the KASLR protection mechanism
via a crafted application.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
https://bugzilla.redhat.com/show_bug.cgi?id=%20CVE-2015-8569

Reference to the upstream fixes:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=d470ffbe3fe914d176ced4cf330a297c523c5711


Correction for Enea Linux
=========================
ARM:
http://git.enea.com/cgit/linux/meta-enea-bsp-arm.git/patch/?id=b065fdd08d51d4ed21fc641a2b97d42fccb5cb98


How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for Enea Linux, follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo $ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git -b
krogoth -m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160802/054ece3f/attachment-0002.sig>


More information about the security-announce mailing list