[security-announce] Security Update: linux-yocto update 4.4.60 -> 4.4.67 to fix CVE-2016-10229 ** HIGH **

Sona Sarmadi sona.sarmadi at enea.com
Wed May 24 13:34:02 CEST 2017


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (linux-yocto 4.4)
Severity: High
Architecture: QEMU (ARM/PPC/x86)
CVE Name: CVE-2016-10229
====================================================================

The upgrade addresses the following vulnerability:
CVE-2016-10229: net: Unsafe second checksum calculation in udp.c

Description
===========
udp.c in the Linux kernel before 4.5 allows remote attackers to
execute arbitrary code via UDP traffic that triggers an unsafe second
checksum calculation during execution of a recv system call with the
MSG_PEEK flag.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229

Upstream patch
==============
https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191

Correction for Enea Linux
=========================
https://git.enea.com/cgit/linux/poky.git/patch/?id=5b05e21d502db12140626827c85e8cc9ee8acdc0


How to get the latest patches
=============================
- If you have already cloned the needed repositories, update them to get
the new security patches.

$ cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned the needed repositories, do so as described
below. (Security patches are fetched implicitly when cloning the repos).

Use the repo tool to download the source for the Enea Linux 6.0 standard
by following the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2. Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init -u git://git.enea.com/linux/el_manifests-standard.git -b krogoth -m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPPC: qemuppc/default.xml
QEMUX86: qemux86/default.xml
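
To confirm that a synced tree really contains the correction listed above, the
following check can be run after "repo sync". It is an added example, not part
of the original advisory or of Enea's tooling; the file name check_fix.sh and
the search over every project under the checkout are assumptions.

```sh
#!/bin/sh
# Added example (not Enea's tooling): verify the advisory's correction commit
# is part of the checked-out history after "repo sync".
# Commit id taken from the "Correction for Enea Linux" URL in the advisory.
FIX_COMMIT=5b05e21d502db12140626827c85e8cc9ee8acdc0

# has_commit DIR COMMIT
#   0: COMMIT is HEAD or an ancestor of HEAD in DIR (fix is in the tree)
#   1: COMMIT was fetched but is not in HEAD's history (stale checkout/branch)
#   2: DIR is not a git work tree, or COMMIT is unknown to it
has_commit() {
    git -C "$1" rev-parse --git-dir >/dev/null 2>&1 || return 2
    git -C "$1" cat-file -e "${2}^{commit}" 2>/dev/null || return 2
    git -C "$1" merge-base --is-ancestor "$2" HEAD 2>/dev/null && return 0
    return 1
}

# find_fixed_projects ROOT COMMIT
#   Prints every git work tree under ROOT whose HEAD contains COMMIT.
#   repo's own metadata under .repo/ is skipped. Empty output = fix not found.
find_fixed_projects() {
    find "$1" -name .git ! -path '*/.repo/*' 2>/dev/null |
    while IFS= read -r gitdir; do
        proj=$(dirname "$gitdir")
        if has_commit "$proj" "$2"; then
            printf '%s\n' "$proj"
        fi
    done
}

# Usage (check_fix.sh is a hypothetical file name):
#   sh check_fix.sh --check [checkout-dir]
if [ "${1:-}" = "--check" ]; then
    root=${2:-Enea-Linux-6.0}   # directory name used in the steps above
    hits=$(find_fixed_projects "$root" "$FIX_COMMIT")
    if [ -n "$hits" ]; then
        printf 'fix %s present in:\n%s\n' "$FIX_COMMIT" "$hits"
    else
        echo "fix $FIX_COMMIT not found under $root; run 'repo sync'" >&2
        exit 1
    fi
fi
```

A return value of 1 from has_commit means the commit was fetched but the
checked-out branch does not include it, which points at a stale or wrong branch.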

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

For general security information, refer to the Enea Linux Security page:
http://www.enea.com/solutions/Enea-Linux/Security/

For the CVEs fixed in Enea Linux releases, see the CVE list:
http://www.enea.com/products/security/security-updates

For custom packages/releases please use the Support Channel:
http://www.enea.com/solutions/support.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

