[security-announce] Security Update: linux-yocto update 4.4.26 -> 4.4.60 to address CVE-2017-2636 ** HIGH **

Sona Sarmadi sona.sarmadi at enea.com
Fri Apr 21 14:29:27 CEST 2017


	Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (linux-yocto 4.4)
Severity: High
Architecture: QEMU (ARM/PPC/x86)
CVE Name: CVE-2017-2636
====================================================================

This update fixes a race condition flaw in the N_HDLC Linux kernel
driver: concurrent access to the n_hdlc.tbuf list can lead to a double
free.
A local, unprivileged user able to set the HDLC line discipline on the
tty device could use this flaw to increase their privileges on the
system.

Description
===========
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through
4.10.1 allows local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2636


Correction for Enea Linux
=========================
https://git.enea.com/cgit/linux/poky.git/patch/?id=9ee38b3a027470c98f7337dceac67ba06420c075

How to get the latest patches
=============================
- If you have already cloned the needed repositories, update them to get
the new security patches.

$ cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned the needed repositories, do so as described
below. (Security patches are fetched implicitly when cloning the repos.)

Use the repo tool to download the source for the Enea Linux 6.0 standard
by following the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo

These instructions assume that ~/bin exists and is included in the PATH
variable.

2. Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git -b krogoth -m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPPC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

For general security information, refer to the Enea Linux Security page:
http://www.enea.com/solutions/Enea-Linux/Security/

For the CVEs fixed in Enea Linux releases, see the CVE list:
http://www.enea.com/products/security/security-updates

For custom packages/releases please use the Support Channel:
http://www.enea.com/solutions/support.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
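
A quick host triage for this advisory, as an added example that is not part of the original advisory or of Enea's tooling: it classifies a kernel release string against the 4.4.26 -> 4.4.60 update named in the subject and checks whether the n_hdlc module is currently loaded. The function names are hypothetical, and it assumes the version number alone indicates the fix, so a kernel carrying a backported patch under an older version would be misreported.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2017-2636.
# Assumption: the fix level is the linux-yocto 4.4.60 named in the advisory;
# kernels outside the 4.4 series are reported as "unknown" because the
# advisory does not say which of their versions carry the fix.

# classify_kernel RELEASE -> prints fixed | vulnerable | unknown
classify_kernel() {
    rel=${1%%[-+]*}              # drop local suffix such as "-yocto-standard"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    sub=${rest#*.}
    if [ "$sub" = "$rest" ]; then sub=0; fi   # "4.4" has no sublevel
    sub=${sub%%.*}
    for n in "$major" "$minor" "$sub"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -eq 4 ] && [ "$minor" -eq 4 ]; then
        if [ "$sub" -ge 60 ]; then echo fixed; else echo vulnerable; fi
    else
        echo unknown
    fi
}

# n_hdlc_loaded [FILE] -> exit 0 if n_hdlc is listed in FILE (default
# /proc/modules). A driver built into the kernel is not listed there.
n_hdlc_loaded() {
    awk '$1 == "n_hdlc" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# advisory_report RELEASE -> human-readable summary for the running host
advisory_report() {
    echo "kernel $1: $(classify_kernel "$1") (linux-yocto 4.4 fix level: 4.4.60)"
    if n_hdlc_loaded 2>/dev/null; then
        echo "n_hdlc module is loaded"
    else
        echo "n_hdlc module is not listed in /proc/modules"
    fi
}

advisory_report "$(uname -r)"
```

A "vulnerable" result on a build from Enea-Linux-6.0 means the checkout predates the fix; run repo sync as described above and rebuild.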



