[security-announce] Security Update: dropbear: CVE-2016-7406, CVE-2016-7407, CVE-2016-7408, CVE-2016-7409, *HIGH*

Sona Sarmadi sona.sarmadi at enea.com
Fri Nov 11 13:27:12 CET 2016


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (dropbear 2016.72)
Severity: high
Architecture: All
CVE Name: CVE-2016-7406, CVE-2016-7407, CVE-2016-7408, CVE-2016-7409
====================================================================

Following CVEs have been fixed in dropbear version 2016.72 in Enea Linux
6.0:

CVE-2016-7406:
A dbclient user who can control username or host arguments could
potentially run arbitrary code as the dbclient user. This could be a
problem if scripts   or webpages pass untrusted input to the dbclient
program.
https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb

CVE-2016-7407:
dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e

CVE-2016-7408:
dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6

CVE-2016-7409:
dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

Reference:
===========
https://matt.ucc.asn.au/dropbear/CHANGES
http://seclists.org/oss-sec/2016/q3/504

Reference to the upstream fix
===============================
https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/poky.git/patch/?id=c4061a0a689fd3f4e3fb5d5dd6357dc542973d45

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for the Enea Linux 6.0 standard,
follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo $ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git
 -b krogoth -m <manifest file> $ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

For gerneral security refer to Enea Linux Security page:
http://www.enea.com/solutions/Enea-Linux/Security/

For the CVEs fixed at Enea Linux releases see CVE list:
http://www.enea.com/solutions/Enea-Linux/Security/CVEs-list/

For custom packages/releases please use the Support Channel:
http://www.enea.com/solutions/support.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20161111/5605f572/attachment.sig>


More information about the security-announce mailing list