[security-announce] Security Update: linux-ls1 CVE-2016-10229 ** HIGH **

Sona Sarmadi sona.sarmadi at enea.com
Fri May 19 13:39:31 CEST 2017



		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (linux-ls1 3.1)
Severity: High
Architecture: ARM
CVE Name: CVE-2016-10229
====================================================================

This security update fixes a security vulnerability in the Linux
kernel. This flaw could allow remote attackers to execute arbitrary
code via UDP traffic that triggers an unsafe second checksum
calculation during execution of a recv system call with the MSG_PEEK
flag. This may cause a kernel panic or memory corruption leading to
privilege escalation.

Mitre Description
=================
udp.c in the Linux kernel before 4.5 allows remote attackers to
execute arbitrary code via UDP traffic that triggers an unsafe second
checksum calculation during execution of a recv system call with the
MSG_PEEK flag.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2016-10229

Upstream patch
===============
https://git.enea.com/cgit/linux/meta-enea-bsp-arm.git/patch/?id=2ee7736a2d27414ae0f6c573f81232ac81585601

Correction for Enea Linux
=========================
https://git.enea.com/cgit/linux/meta-enea-bsp-ppc.git/patch/?id=7fa63864b6a627b7406c181d93f1550aef2e67e5

How to get the latest patches
=============================
- If you have already cloned the needed repositories, update them to get
the new security patches.

$ cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned the needed repositories, do so as described
below. (Security patches are fetched implicitly when cloning the repos.)

To download the source for the Enea Linux 6.0 standard with the repo
tool, follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo

These instructions assume that ~/bin exists and is included in the PATH
variable.

2. Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git -b krogoth -m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPPC: qemuppc/default.xml
QEMUX86: qemux86/default.xml
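
After repo sync, a quick check confirms that a layer checkout actually
contains the fix commit named in the patch links above. The script below is
an added example, not part of the Enea advisory; the function names are
hypothetical, and the location of the layer checkout inside the repo tree is
an assumption, so it is passed as an argument.

```shell
#!/bin/sh
# Added example: verify that a synced layer checkout contains a fix commit.
#
# has_fix <layer_dir> <commit_id>
#   returns 0  commit is an ancestor of HEAD (fix is in the checked-out tree)
#   returns 1  commit is known locally but HEAD does not include it
#   returns 2  commit object is not in the repository (sync has not fetched it)
#   returns 3  <layer_dir> is not a git checkout
has_fix() {
    layer_dir=$1
    commit=$2
    git -C "$layer_dir" rev-parse --git-dir >/dev/null 2>&1 || return 3
    # ^{commit} makes sure the id names a commit, not some other object.
    git -C "$layer_dir" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2
    git -C "$layer_dir" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || return 1
    return 0
}

# check_layer prints a one-line verdict and passes has_fix's status through.
check_layer() {
    rc=0
    has_fix "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 contains $2" ;;
        1) echo "MISSING: $1 HEAD does not include $2" ;;
        2) echo "NOT FETCHED: $2 is unknown in $1, run repo sync" ;;
        *) echo "ERROR: $1 is not a git checkout" ;;
    esac
    return "$rc"
}

# Runs only when called with two arguments, for example (layer path assumed):
#   sh check_fix.sh <path-to-meta-enea-bsp-arm> 2ee7736a2d27414ae0f6c573f81232ac81585601
if [ "$#" -eq 2 ]; then
    check_layer "$1" "$2"
fi
```

A shallow checkout can report MISSING even when the fix is present, because
the ancestry needed for the comparison may not have been fetched.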

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

For general security information, refer to the Enea Linux Security page:
http://www.enea.com/solutions/Enea-Linux/Security/

For the CVEs fixed in Enea Linux releases, see the CVE list:
http://www.enea.com/products/security/security-updates

For custom packages/releases please use the Support Channel:
http://www.enea.com/solutions/support.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com



