[security-announce] Kernel (linux-yocto 3.14 and linux-qoriq 3.12 ): Security Update : CVE-2015-5257, CVE-2016-0728

Sona Sarmadi sona.sarmadi at enea.com
Fri Jan 22 07:53:53 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14 and linux-qoriq 3.12)
Severity: Low, High
CVE Name: CVE-2015-5257, CVE-2016-0728
Layer: meta-enea
=========================================================

Fixes for the following CVEs have been backported to the linux-yocto
3.14 and linux-qoriq 3.12 in the Enea Linux 5.0 release:

1) CVE-2015-5257: NULL pointer dereference in USB WhiteHEAT serial drive
r

Description
============
drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows
physically proximate attackers to cause a denial of service (NULL
pointer dereference and OOPS) or possibly have unspecified other
impact via a crafted USB device.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257
http://www.openwall.com/lists/oss-security/2015/09/23/1

Upstream/original fix:
======================
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=fe6689e03318d5745d88328395fd326e08238533

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=b743c20e004d23a8e
b0f5f7553a0c709284336c0

2) CVE-2016-0728: Possible use-after-free vulnerability in keyring
facility

Description
===========
A use-after-free vulnerability was discovered in the kernel's keyring
facility, possibly leading to local privilege escalation. The usage
field can possibly overflow, causing a use-after-free error on the
keyring object.
The flaw could allow a skilled attacker to execute arbitrary code and
also be used to escalate their privileges on the system. The attacker
must be able to run custom code on the account; in the most common
configuration, this requires them to have a login and shell account on
the target system.


References:
===========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0728
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-
a-linux-kernel-vulnerability-cve-2016-0728/
https://bugzilla.redhat.com/show_bug.cgi?id=1297475

Introduced by:
==============
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
?id=3a50597de8635cd05133bd12c95681c82fe7b878

Upstream/original fix:
======================
https://bugzilla.redhat.com/attachment.cgi?id=1116563

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=618f92251544de938
a21b88be6205b42e03e9d44


How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWodIBAAoJEAilI68fskZdCKwIAI4kbOqMFbOlCR+rtnNDZTlV
P/d664lc5EetaECVyOLnOPRhzrL2/KfV1a4jpETtj8fAO112Vd3T44C4zwXawBAd
jiaAsvDV/QZX8ju7Q8BZ2FaXuouJg89iM8NQj7ifZm2lZTzGvEdDuyVn142KLjJx
cpFwwZ4y69AjNod3wydIFb/bQY5yyygiOzFPltH9E34l025+BWOPw6OFUrn67EVT
hQtXxESeHnZuHHFhY+fZ9DKso+vYAr89hQiw3THv4X4yo0fItYGSS9EbLSuVxWcz
KUy8nSPlwHDhmedM5buQ5QPZSD4P7jWZ44D6xYxdPlB/MG5nasCo0Ig4svGPvE4=
=tFXe
-----END PGP SIGNATURE-----



More information about the security-announce mailing list