[security-announce] Security Update: linux-ls1_3.12: CVE-2016-5696 *HIGH*

Sona Sarmadi sona.sarmadi at enea.com
Tue Aug 23 13:37:58 CEST 2016


	Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0:(linux-ls1_3.12)
Severity: High
Arch: ARM
CVE Name: CVE-2016-5696
====================================================================

This security update fixes a flaw in the implementation of the Linux
kernel's handling of networking challenge ack where an attacker is able
to determine the shared counter.

This may allow an attacker to inject or take over a TCP connection
between a server and client without having to be a traditional Man In
the Middle (MITM) style attack.

This vulnerability was introduced in (tcp: implement RFC 5961 3.2):
https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
(v3.6)

Mitre description:
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly
determine the rate of challenge ACK segments, which makes it easier for
man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack.

References:
OSS-Security post: http://seclists.org/oss-sec/2016/q3/44
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
https://bugzilla.redhat.com/show_bug.cgi?id=1354708

Reference to the upstream patch:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=860c53258e634c54f70252c352bae7bac30724a9

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea-bsp-arm.git/patch/?id=6d95f99420e5dc05fc7319b6e3e85eec29a3e080

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for Enea Linux, follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo $ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git -b
krogoth -m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160823/934fbc44/attachment-0002.sig>


More information about the security-announce mailing list