[security-announce] Security Update : CVE-2015-2925: Kernel (linux-hierofalcon-4.1 and linux-hierofalcon 3.19)

Sona Sarmadi sona.sarmadi at enea.com
Thu Jan 28 09:57:45 CET 2016



	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-hierofalcon-4.1 and linux-hierofalcon 3.19)
Severity: High
CVE Name: CVE-2015-2925
Layer: meta-hierofalcon
=========================================================

This security update fixes a flaw in the way the Linux kernel's file
system implementation handled rename operations in which the source
was inside and the destination was outside of a bind mount.

A privileged user inside a container could use this flaw to escape the
bind mount and, potentially, escalate their privileges on the system.

Description
===========
The prepend_path function in fs/dcache.c in the Linux kernel before
4.2.4 does not properly handle rename actions inside a bind mount,
which allows local users to bypass an intended container protection
mechanism by renaming a directory, related to a "double-chroot attack."

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
http://www.openwall.com/lists/oss-security/2015/04/03/7
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2925

Reference to the upstream fixes:
===============================
vfs: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37

dcache: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65


Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=f846a18b030d4bccbb7a2d1fb7359df6c6c69048

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

 - If you have not yet cloned the needed repositories, clone them as
described below. (Security patches are fetched implicitly when cloning
the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git
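
After either procedure, one way to confirm that the meta-hierofalcon checkout really contains the correction is to test whether the commit id from the "Correction for Enea Linux" URL is in the history of the checked-out branch. This is an added example, not part of the Enea advisory; the function names has_fix and report_fix are hypothetical, and it assumes the fix reached your branch as that exact commit rather than as a cherry-pick with a different id.

```sh
#!/bin/sh
# Added example, not part of the Enea advisory.
# Commit id copied from the "Correction for Enea Linux" URL in the advisory.
FIX_COMMIT=f846a18b030d4bccbb7a2d1fb7359df6c6c69048

# has_fix REPO_DIR [COMMIT]   (hypothetical helper name)
# Return codes:
#   0  COMMIT is in the history of HEAD (fix is in the checked-out tree)
#   1  COMMIT is known to the repository but is not an ancestor of HEAD
#      (fetched, but the checked-out branch does not include it)
#   2  COMMIT is unknown to the repository (checkout is stale, needs git pull)
#   3  REPO_DIR is not a git work tree
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}
    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 3
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2
    git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || return 1
    return 0
}

# report_fix REPO_DIR: print a one-line verdict and pass the status through.
report_fix() {
    rc=0
    has_fix "$1" || rc=$?
    case $rc in
        0) echo "$1: CVE-2015-2925 correction present in HEAD" ;;
        1) echo "$1: correction fetched but not in the checked-out branch" ;;
        2) echo "$1: correction commit not found, run git pull" ;;
        3) echo "$1: not a git work tree" ;;
    esac
    return $rc
}

# Run only when a path is given, e.g.
#   sh check_fix.sh Enea-Linux-5.0/poky/meta-hierofalcon
if [ $# -gt 0 ]; then
    report_fix "$1"
fi
```

A result of 0 only shows that the layer carries the patch; the kernel still has to be rebuilt and deployed for the running system to be fixed.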


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com


