[security-announce] Kernel (linux-yocto 3.14): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jan 8 07:48:58 CET 2016



	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14)
Severity: Medium
CVE Name: CVE-2015-4167
Layer: meta-enea
=========================================================

This patch fixes an inode data validation error in the Linux kernel
built with UDF file system (CONFIG_UDF_FS) support.

An attacker able to mount a corrupted/malicious UDF file system image
could cause the kernel to crash.

Description
===========
The udf_read_inode function in fs/udf/inode.c in the Linux kernel
before 3.19.1 does not validate certain length values, which allows
local users to cause a denial of service (incorrect data
representation or integer overflow, and OOPS) via a crafted UDF
filesystem.

Reference:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4167

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=34820fc89c5e635b7381e4060931ca30a63d110a


Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=0b64cd33374cca4353872ccc0b17531176c0d696

How to get the latest patches
=============================
- If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- If you have not yet cloned the needed repositories, do so as described
below (security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git
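
One way to check a build host against this advisory, as an added example that is not part of the advisory or of Enea's tooling: it reads a kernel config for CONFIG_UDF_FS and tests whether the meta-enea fix commit from the correction URL above is an ancestor of HEAD in a checkout. The function names are hypothetical, and it is an assumption that the fix commit is reachable from the branch you track.

```shell
#!/bin/sh
# Added example (not from the advisory). FIX_COMMIT is the id in the
# "Correction for Enea Linux" URL; function names are hypothetical.
FIX_COMMIT=0b64cd33374cca4353872ccc0b17531176c0d696

# udf_state CONFIG_FILE -> prints builtin, module or disabled.
# The last CONFIG_UDF_FS line in the file wins.
udf_state() {
    state=disabled
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            CONFIG_UDF_FS=y) state=builtin ;;
            CONFIG_UDF_FS=m) state=module ;;
            "# CONFIG_UDF_FS is not set") state=disabled ;;
        esac
    done < "$1"
    printf '%s\n' "$state"
}

# has_fix REPO [COMMIT] -> 0 if COMMIT is an ancestor of HEAD in REPO,
# 1 if it is absent or not merged, 2 if REPO is not a git checkout.
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2
    # cat-file -e fails when the object was never fetched into this clone.
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 1
    git -C "$repo" merge-base --is-ancestor "$commit" HEAD
}

# triage CONFIG_FILE REPO [COMMIT] -> prints one verdict line.
triage() {
    udf=$(udf_state "$1")
    if [ "$udf" = disabled ]; then
        echo "not-affected: UDF support not built"
        return 0
    fi
    rc=0
    has_fix "$2" "${3:-}" || rc=$?
    case $rc in
        0) echo "fix-present (udf=$udf)" ;;
        1) echo "fix-missing (udf=$udf): update meta-enea and rebuild" ;;
        *) echo "unknown (udf=$udf): cannot inspect $2" ;;
    esac
}
```

Call it as `triage /path/to/.config Enea-Linux-5.0/poky/meta-enea`. A fix-present verdict describes the layer checkout only, so the kernel still has to be rebuilt and deployed before the running system is covered.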


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com