From f846a18b030d4bccbb7a2d1fb7359df6c6c69048 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Wed, 27 Jan 2016 10:45:52 +0100 Subject: kernel:vfs: CVE-2015-2925 Fixes a flaw which was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925 http://www.openwall.com/lists/oss-security/2015/04/03/7 Reference to the upstream fixes: vfs: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/ commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37 dcache: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/ commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65 Signed-off-by: Sona Sarmadi Signed-off-by: Paul Vaduva
---
recipes-kernel/linux/linux-hierofalcon_4.1.bb | 2 ++
1 file changed, 2 insertions(+) (limited to 'recipes-kernel/linux/linux-hierofalcon_4.1.bb')
diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
index 61b1dae..4fafe34 100644
--- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -28,6 +28,8 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
 file://vhost-CVE-2015-6252.patch \
 file://usb-whiteheat-CVE-2015-5257.patch \
 file://security-keys-CVE-2016-0728.patch \
+ file://vfs-CVE-2015-2925.patch \
+ file://dcache-CVE-2015-2925.patch \
 "
 S = "${WORKDIR}/git"
--
cgit v1.2.3-54-g00ecf
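Review bot: Nothing in the recipe ties the two added entries, `file://vfs-CVE-2015-2925.patch` and `file://dcache-CVE-2015-2925.patch`, to the upstream commits they backport; that mapping exists only in the commit message. This view is limited to the .bb file, so the patch files themselves cannot be checked here. Assuming they are part of the same commit, each should carry `CVE: CVE-2015-2925` and `Upstream-Status: Backport [<upstream commit id>]` in its header, so that a later SRCREV bump which already contains the fix is easy to recognise and the local patches can be dropped cleanly. The commit message describes the fix as two upstream changes (vfs and dcache), so presumably both entries have to stay together; removing one later would likely leave the bind-mount escape only partly addressed. The `SRC_URI` assignment begins above the hunk.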