]> code.ossystems Code Review - meta-freescale.git/commit
Code Review / meta-freescale.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a870bef) | patch
linux-qoriq: fix CVE-2016-0758
authorSona Sarmadi <sona.sarmadi@enea.com>
Wed, 30 Nov 2016 12:17:39 +0000 (13:17 +0100)
committerOtavio Salvador <otavio@ossystems.com.br>
Fri, 9 Dec 2016 11:41:45 +0000 (09:41 -0200)
commitc81b13fce917cfa8a0bb98da18817dcc14ac6b11
tree5db1efe28a2fceb589c36756ac5df5d004377f22tree | snapshot
parenta870befa7789197b0091cc18c9c5196a848a75c7commit | diff
linux-qoriq: fix CVE-2016-0758

Fixes a flaw in the Linux kernel's ASN.1 DER decoder processed
certain certificate files with tags of indefinite length. A local,
unprivileged user could use a specially crafted X.509 certificate
DER file to crash the system or, potentially, escalate their
privileges on the system.

References:
https://lkml.org/lkml/2016/5/12/270

Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/
?id=af00ae6ef5a2c73f21ba215c476570b7772a14fb [backported from stable 3.16]

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
recipes-kernel/linux/linux-qoriq/CVE-2016-0758.patch [new file with mode: 0644] blob
recipes-kernel/linux/linux-qoriq_4.1.bb diff | blob | history