author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-01-27 10:45:52 +0100 |
---|---|---|
committer | Paul Vaduva <Paul.Vaduva@enea.com> | 2016-01-28 09:17:35 +0100 |
commit | f846a18b030d4bccbb7a2d1fb7359df6c6c69048 (patch) | |
tree | 77a25f09545a30519ea1b141a71a2e483d1ef05b /recipes-kernel/linux/linux-hierofalcon_3.19.bb | |
parent | e568d65e41f3fde7db8a8aab60ac7e750ea73325 (diff) | |
download | meta-hierofalcon-f846a18b030d4bccbb7a2d1fb7359df6c6c69048.tar.gz |
kernel:vfs: CVE-2015-2925
Fixes a flaw which was found in the way the Linux kernel's file system
implementation handled rename operations in which the source was inside
and the destination was outside of a bind mount.
A privileged user inside a container could use this flaw to escape the bind
mount and, potentially, escalate their privileges on the system.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
http://www.openwall.com/lists/oss-security/2015/04/03/7
Reference to the upstream fixes:
vfs: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
dcache: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
Diffstat (limited to 'recipes-kernel/linux/linux-hierofalcon_3.19.bb')
-rw-r--r-- | recipes-kernel/linux/linux-hierofalcon_3.19.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index 6e77066..7f4720a 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb | |||
@@ -29,6 +29,8 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6 | |||
29 | file://ipv4-CVE-2015-3636.patch \ | 29 | file://ipv4-CVE-2015-3636.patch \ |
30 | file://usb-whiteheat-CVE-2015-5257.patch \ | 30 | file://usb-whiteheat-CVE-2015-5257.patch \ |
31 | file://security-keys-CVE-2016-0728.patch \ | 31 | file://security-keys-CVE-2016-0728.patch \ |
32 | file://vfs-CVE-2015-2925.patch \ | ||
33 | file://dcache-CVE-2015-2925.patch \ | ||
32 | " | 34 | " |
33 | 35 | ||
34 | S = "${WORKDIR}/git" | 36 | S = "${WORKDIR}/git" |
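
Review bot: The two new SRC_URI entries (new lines 32-33) list vfs-CVE-2015-2925.patch before dcache-CVE-2015-2925.patch, and the commit message does not say whether that matches the order of the two upstream commits it references. Patches in SRC_URI are applied in the order listed, so please confirm this order matches upstream, or state in the message that the two fixes are independent. The diffstat here is limited to the recipe, so the patch files themselves are not visible; each should carry an Upstream-Status: Backport header naming the upstream commit id given in the message, so the backport can be audited against the original fix.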