[security-announce] Security Update: linux-yocto 4.4: CVE-2016-5400

Sona Sarmadi sona.sarmadi at enea.com
Tue Nov 1 16:29:55 CET 2016

		Enea Linux Security Advisory

Product/package: Enea Linux 6.0: (linux-yocto 4.4)
Severity: Low
Architecture: QEMU (ARM/x86/PPC)
CVE Name: CVE-2016-5400

This security update fixes airspy usb probe error path in linux-yocto
4.4 kernel.

Memory leak in the airspy_probe function in
drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux
kernel before 4.7 allows local users to cause a denial of service
(memory consumption) via a crafted USB device that emulates many
VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and
disconnect operations.


Reference to the upstream fix

Correction for Enea Linux

How to get the latest patches
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for the Enea Linux 6.0 standard,
follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo $ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init \
-u git://git.enea.com/linux/el_manifests-standard.git \ -b krogoth\ -m
<manifest file> $ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

For gerneral security refer to Enea Linux Security page:

For the CVEs fixed at Enea Linux releases see CVE list:

For custom packages/releases please use the Support Channel:

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20161101/0acffae5/attachment.sig>

More information about the security-announce mailing list