[security-announce] Security Update: linux-qoriq kernel CVE-2016-7097 and CVE-2017-5551

Sona Sarmadi sona.sarmadi at enea.com
Mon Feb 6 11:33:20 CET 2017


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (linux-qoriq kernel 3.12)
Severity: Medium
Architecture: PowerPC
CVE Name: CVE-2016-7097 and CVE-2017-5551
====================================================================

This security update fixes following vulnerabilities in linux-qoriq
kernel 3.12 in Enea Linux 6.0.

CVE-2016-7097: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
CVE-2017-5551:S_ISGD is not cleared when setting posix ACLs in tmpfs
(CVE-2016-7097 incomplete fix)

Description
===========
CVE-2016-7097
The filesystem implementation in the Linux kernel through 4.8.2
preserves the setgid bit during a setxattr call, which allows local
users to gain group privileges by leveraging the existence of a setgid
program with restrictions on execute permissions.

Upstream commits:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef


CVE-2017-5551: kernel: S_ISGD is not cleared when setting posix ACLs in
tmpfs (CVE-2016-7097 incomplete fix)
It was found that fix for CVE-2016-7097 was incomplete as it missed tmpfs.

Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f31

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5551

Correction for Enea Linux
=========================
CVE-2016-7097
http://git.enea.com/cgit/linux/meta-enea-bsp-ppc.git/patch/?id=ff0bff80783d049ad584e9a0497350211770f138

CVE-2017-5551
http://git.enea.com/cgit/linux/meta-enea-bsp-ppc.git/patch/?id=cde07a93953ec678d45b873e02e51810448a776a

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for the Enea Linux 6.0 standard,
follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo $ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init \
-u git://git.enea.com/linux/el_manifests-standard.git \ -b krogoth\ -m
<manifest file> $ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

For gerneral security refer to Enea Linux Security page:
http://www.enea.com/solutions/Enea-Linux/Security/

For the CVEs fixed at Enea Linux releases see CVE list:
http://www.enea.com/solutions/Enea-Linux/Security/CVEs-list/

For custom packages/releases please use the Support Channel:
http://www.enea.com/solutions/support.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20170206/3129cc7a/attachment.sig>


More information about the security-announce mailing list