[security-announce] linux-qoriq 3.12: CVE-2015-3636: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Mar 11 12:18:32 CET 2016


	Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq 3.12) /Enea Linux 5.0
Severity: Medium
CVE Name: CVE-2015-3636, kernel-ipv6
Layer: meta-enea
=========================================================

This update fixes use-after-free leading to local privilege escalation
in the Freescale kernel version 3.12.

Description
===========
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before
4.0.3 does not initialize a certain list data structure during an unhash
operation, which allows local users to gain privileges or cause a denial
of service (use-after-free and system crash) by leveraging the ability
to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or
IPPROTO_ICMPV6 protocol, and then making a connect system call after a
disconnect.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636

Reference to the upstream fixes:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=8a9a51ba2eff62e1a899daad7b623becfed8f3f1

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=acfea0924b4e8e0a1a890d1151de1e3f39264926


How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security atches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160311/35c7d996/attachment-0002.sig>


More information about the security-announce mailing list