code.ossystems Code Review - meta-freescale.git/commit

author	Sona Sarmadi <sona.sarmadi@enea.com>
	Wed, 30 Nov 2016 12:17:38 +0000 (13:17 +0100)
committer	Otavio Salvador <otavio@ossystems.com.br>
	Fri, 9 Dec 2016 11:41:45 +0000 (09:41 -0200)
commit	a870befa7789197b0091cc18c9c5196a848a75c7
tree	94cdd5fc34930b8fe8d695d5446419b8ca95b264	tree \| snapshot
parent	0d28c2bcf1a2081e45bbb81c5efdb7c5cb3a1532	commit \| diff

linux-qoriq: fix CVE-2016-2053

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux
kernel before 4.3 allows attackers to cause a denial of service
(panic) via an ASN.1 BER file that lacks a public key, leading
to mishandling by the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2053

upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/
?id=15430f775ee686b61569a0c3e74cf0b2ad57c8eb [backported from stable 3.16]

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

recipes-kernel/linux/linux-qoriq/CVE-2016-2053.patch	[new file with mode: 0644]	blob
recipes-kernel/linux/linux-qoriq_4.1.bb		diff \| blob \| history