[security-announce] Security Update : CVE-2015-2925: Kernel (linux-hierofalcon-4.1 and linux-hierofalcon 3.19)

Sona Sarmadi sona.sarmadi at enea.com
Thu Jan 28 14:46:05 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-hierofalcon-4.1 & linux-hierofalcon 3.19)
Severity: High
CVE Name: CVE-2015-7613
Layer: meta-hierofalcon
=========================================================

TThis security patch fixes a race condition flaw in the Linux kernel's
IPC subsystem.

Description
===========
privileges by triggering an ipc_addid call that leads to uid and gid
comparisons against uninitialized data, related to msg.c, shm.c, and
util.c.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
http://seclists.org/oss-sec/2015/q4/7
http://www.openwall.com/lists/oss-security/2015/10/01/8

Reference to the upstream patch:
===============================
https://github.com/torvalds/linux/commit/b9a532277938
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=227e772457
791f69b69646556b3ffbbb94936bd0

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b
dizzygit://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWqhudAAoJEAilI68fskZdxSAIAMc+F8BQgT6ZC6k8GoIc0FCH
p2lttofs4epbhlXkLfXc8gIOisDgClecAJC92YyZkfyP0NVRSN0oklAR8lA14Unh
TrDTd7BF5BNCdFUC39AqDvi20UqOpOHJbGBAE5nKw+oBD/uCD2B9vt0dD3C8L9eg
Yn3fQl5FJow+32EbZx1wgx+r1Yss/QBGlY3EvKlOVS0hEUSyiwozk2uB3/xU2cG/
FLEENU8ZWvRcW4v0Y3PILZ0dOB62jJfgojj1dvNVqTE0A2a8G4aKLlWef/zY6Bey
gKyiPCmmngNZxTACMqJgqBIGGUyYAsXSGfu2lDH1dQN20E3ytqAmtHrqw0neuko=
=BhG7
-----END PGP SIGNATURE-----



More information about the security-announce mailing list