[security-announce] Security Update : CVE-2015-5156 Kernel (linux-yocto 3.14 and linux-qoriq 3.12 )

Sona Sarmadi sona.sarmadi at enea.com
Thu Jan 28 14:24:41 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-yocto 3.14 and linux-qoriq 3.12)
Severity: Medium
CVE Name:  CVE-2015-5156
Layer: meta-enea
=========================================================

This security patch fixes a buffer overflow flaw in the Linux kernel's
virtio-net subsystem.


Description
===========
The virtnet_probe function in drivers/net/virtio_net.c in the Linux
kernel before 4.2 attempts to support a FRAGLIST feature without
proper memory allocation, which allows guest OS users to cause a
denial of service (buffer overflow and memory corruption) via a
crafted sequence of fragmented packets.

References:
===========
http://www.openwall.com/lists/oss-security/2015/08/06/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156

Reference to the upstream patch:
===============================
http://marc.info/?l=linux-netdev&m=143868216724068&w=2

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=f5798feb9e960f2e0
5b49d9dceda71ae227e1a22

How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWqhaZAAoJEAilI68fskZdwMEH/A2twSQ4RC+Jdi0S8zYIImD3
kNV/axj8wt+8c367NgGk5tjyuPEIYbHOvHQeVXbcW7tg3rL5xALxZvaAR8s0NgYi
hC/nU/gj81yNdqFIwbIsTJWneZfrIS/WAb5duwJwuY+rQF6RRXUhwY14SNdKnbX+
jpRq96U7WIIBWPfV13uWtbbcELOFeTIz7UO+9TjMbgzOGUQ/KZCcq2TX26lym4Lz
xRZt2K6OEi4m/xgchHR0dkFzU36fEoyeq4fn01wZK7tpolbsmdNWNOkWtArFJRcI
jUvmlDUt9q9XcTdtcBbfk7M5DYA1imtr5A2WubFqkvPoqQgLhlFcjJgfuKojSV0=
=6pCQ
-----END PGP SIGNATURE-----



More information about the security-announce mailing list