[security-announce] Kernel (linux-hierofalcon-4.1 and linux-hierofalcon 3.19): Security Update: CVE-2015-5257, CVE-2016-0728

Sona Sarmadi sona.sarmadi at enea.com
Fri Jan 22 07:57:27 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: linux-hierofalcon-4.1 and linux-hierofalcon 3.19
Severity: Low, High
CVE Name: CVE-2015-5257, CVE-2016-0728
Layer: meta-hierofalcon
=========================================================

Fixes for the following CVEs have been backported to the
linux-hierofalcon-4.1 and linux-hierofalcon 3.19 in the Enea Linux 5.0
release:

1) CVE-2015-5257: NULL pointer dereference in USB WhiteHEAT serial drive
r

Description
============
drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows
physically proximate attackers to cause a denial of service (NULL
pointer dereference and OOPS) or possibly have unspecified other
impact via a crafted USB device.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257
http://www.openwall.com/lists/oss-security/2015/09/23/1

Upstream/original fix:
======================
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=fe6689e03318d5745d88328395fd326e08238533

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=ac8af89d18
d9ea12747354bbb8f34dc04c6613e9

2) CVE-2016-0728: Possible use-after-free vulnerability in keyring
facility

Description
===========
A use-after-free vulnerability was discovered in the kernel's keyring
facility, possibly leading to local privilege escalation. The usage
field can possibly overflow, causing a use-after-free error on the
keyring object.
The flaw could allow a skilled attacker to execute arbitrary code and
also be used to escalate their privileges on the system. The attacker
must be able to run custom code on the account; in the most common
configuration, this requires them to have a login and shell account on
the target system.


References:
===========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0728
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-
a-linux-kernel-vulnerability-cve-2016-0728/
https://bugzilla.redhat.com/show_bug.cgi?id=1297475

Introduced by:
==============
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
?id=3a50597de8635cd05133bd12c95681c82fe7b878

Upstream/original fix:
======================
https://bugzilla.redhat.com/attachment.cgi?id=1116563

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=e568d65e41
f3fde7db8a8aab60ac7e750ea73325


How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWodLXAAoJEAilI68fskZdoQgIAJnfoeuF3CCUETyfHdqmF7Hc
XzbmDCiBi4KBmxFR5z+c7uTF0JjmBJqlwiw0ZVryZf5YLBcrC4vDa4kvtuJvRZyC
v97xAeiMFqQY60TNNSBcqjUK3ji/Jf/p7+T1d19u6R44vKERPTvgI/3kChicNu1z
aDxB+xNBybSnSd8osv6gkl0Rd7GHA/QsZbs0YogTR8Rh0KFCPule+ydm7uRk3723
Qw068ymLyq+TzP1RfuWUyMex1GWDAhSAVyQmxlbn6Dud4A+bNp8kImfk247h/mOr
bOXVhZ/KhOF+5zEUux/IaQvgXX44XkqxHOZ7A0dTz4VtYCt2ftC9wIWcqiUwvbA=
=AeDt
-----END PGP SIGNATURE-----


More information about the security-announce mailing list