* upgrade kernel version from 3.12.37 -> 3.12.72 to address CVE-2017-2636 and some other CVEs in
@ 2017-03-21 9:54 Sona Sarmadi
2017-03-23 15:01 ` Zhenhua Luo
0 siblings, 1 reply; 2+ messages in thread
From: Sona Sarmadi @ 2017-03-21 9:54 UTC (permalink / raw)
To: meta-freescale, Zhenhua Luo
[-- Attachment #1: Type: text/plain, Size: 2692 bytes --]
Hi all,
I would like to know what your opinion is about upgrading the Linux kernel used in "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x" to address the new Linux kernel vulnerability CVE-2017-2636 (see below for more info) and some other CVEs?
CVE-2017-2636 Linux kernel flaw was spotted after seven years and quickly fixed
http://securityaffairs.co/wordpress/57194/hacking/cve-2017-2636-linux-kernel-flaw.html
Those who want the latest security fixes (plus other fixes) can add this patch to the "meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb" and upgrade the kernel version:
diff -Nurp b/Makefile a/Makefile
--- b/Makefile 2017-03-21 09:03:21.268339298 +0100
+++ a/Makefile 2017-03-21 09:03:53.258969199 +0100
@@ -1,6 +1,6 @@
VERSION = 3
PATCHLEVEL = 12
-SUBLEVEL = 37
+SUBLEVEL = 72
EXTRAVERSION =
NAME = One Giant Leap for Frogkind
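Review bot: the SUBLEVEL line (37 to 72) is the only change in this diff as posted, and on its own it only changes the version string the build reports; none of the stable source changes between 3.12.37 and 3.12.72 are carried by it. If this is the patch to be added to linux-qoriq_3.12.bb, it needs to ship together with the full stable delta (or the recipe needs to point at a tree that already contains v3.12.72). Otherwise `uname` will show 3.12.72 while the n_hdlc code is unchanged. As a style point, the `b/` to `a/` direction is the reverse of the usual old `a/`, new `b/` naming and is easy to misread as a downgrade.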
We could just fetch the patch, but the patch fails when applied to our version; some modification is needed. I think it is less risky to upgrade the kernel version than to modify the patch and backport it to the 3.12.37 version.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.12.72&qt=grep&q=tty%3A+n_hdlc%3A+get+rid+of+racy+n_hdlc.tbuf
I have run some basic tests and everything seems to work after the upgrade:
root@p2041rdb:~# uname -a
Linux p2041rdb 3.12.72-rt51 #4 SMP PREEMPT Tue Mar 21 09:42:59 CET 2017 ppc GNU/Linux
root@p2041rdb:~#
Do you have any suggestions for more tests, just to be sure that the upgrade will not cause an issue?
Thanks
//Sona
---------------------------------------
Sona Sarmadi
Security Responsible for Enea Linux/
GPG Fingerprint: 444F A5E9 CDC6 4620 85C7 2CA9 60FF AF33 15BD 5928
Enea Software AB
Jan Stenbecks Torg 17
P.O Box 1033
SE-164 26 Kista, Sweden
Phone +46 70 971 4475
www.enea.com
This message, including attachments, is CONFIDENTIAL. It may also be privileged or otherwise protected by law. If you received this email by mistake
please let us know by reply and then delete it from your system; you should not copy it or disclose its contents to anyone. All messages sent to and from
Enea may be monitored to ensure compliance with internal policies and to protect our business. Emails are not secure and cannot be guaranteed to be
error free as they can be intercepted, amended, lost or destroyed, or contain viruses. The sender therefore does not accept liability for any errors or
omissions in the contents of this message, which arise as a result of email transmission. Anyone who communicates with us by email accepts these risks.
[-- Attachment #2: Type: text/html, Size: 5912 bytes --]
* Re: upgrade kernel version from 3.12.37 -> 3.12.72 to address CVE-2017-2636 and some other CVEs in
2017-03-21 9:54 upgrade kernel version from 3.12.37 -> 3.12.72 to address CVE-2017-2636 and some other CVEs in Sona Sarmadi
@ 2017-03-23 15:01 ` Zhenhua Luo
0 siblings, 0 replies; 2+ messages in thread
From: Zhenhua Luo @ 2017-03-23 15:01 UTC (permalink / raw)
To: Sona Sarmadi; +Cc: meta-freescale
[-- Attachment #1: Type: text/plain, Size: 3112 bytes --]
Hi Sona,
To fix a bug in a released version, my suggestion is to backport the corresponding patches instead of doing an upgrade.
Best Regards,
Zhenhua
From: Sona Sarmadi [mailto:sona.sarmadi@enea.com]
Sent: Tuesday, March 21, 2017 5:55 PM
To: meta-freescale@yoctoproject.org; Zhenhua Luo <zhenhua.luo@nxp.com>
Subject: upgrade kernel version from 3.12.37 -> 3.12.72 to address CVE-2017-2636 and some other CVEs in
Hi all,
I would like to know what your opinion is about upgrading the Linux kernel used in "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x" to address the new Linux kernel vulnerability CVE-2017-2636 (see below for more info) and some other CVEs?
CVE-2017-2636 Linux kernel flaw was spotted after seven years and quickly fixed
http://securityaffairs.co/wordpress/57194/hacking/cve-2017-2636-linux-kernel-flaw.html
Those who want the latest security fixes (plus other fixes) can add this patch to the "meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb" and upgrade the kernel version:
diff -Nurp b/Makefile a/Makefile
--- b/Makefile 2017-03-21 09:03:21.268339298 +0100
+++ a/Makefile 2017-03-21 09:03:53.258969199 +0100
@@ -1,6 +1,6 @@
VERSION = 3
PATCHLEVEL = 12
-SUBLEVEL = 37
+SUBLEVEL = 72
EXTRAVERSION =
NAME = One Giant Leap for Frogkind
We could just fetch the patch, but the patch fails when applied to our version; some modification is needed. I think it is less risky to upgrade the kernel version than to modify the patch and backport it to the 3.12.37 version.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.12.72&qt=grep&q=tty%3A+n_hdlc%3A+get+rid+of+racy+n_hdlc.tbuf
I have run some basic tests and everything seems to work after the upgrade:
root@p2041rdb:~# uname -a
Linux p2041rdb 3.12.72-rt51 #4 SMP PREEMPT Tue Mar 21 09:42:59 CET 2017 ppc GNU/Linux
root@p2041rdb:~#
Do you have any suggestions for more tests, just to be sure that the upgrade will not cause an issue?
Thanks
//Sona
[-- Attachment #2: Type: text/html, Size: 15771 bytes --]
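Whichever route is taken (upgrade or backport), the result can be checked against the source tree rather than the version string. The script below is an added example, not part of either message. It assumes that the stable commit named in the thread's link ("tty: n_hdlc: get rid of racy n_hdlc.tbuf") leaves no `->tbuf` use in drivers/tty/n_hdlc.c; the function names and the two sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a kernel source tree for the CVE-2017-2636 fix.
# Heuristic (assumption): the fix removes the tbuf member of struct n_hdlc,
# so any remaining "->tbuf" use in n_hdlc.c means the fix is absent.

kernel_version() {   # print VERSION.PATCHLEVEL.SUBLEVEL from <tree>/Makefile
    awk '$1 ~ /^(VERSION|PATCHLEVEL|SUBLEVEL)$/ && $2 == "=" { v[$1] = $3 }
         END { print v["VERSION"] "." v["PATCHLEVEL"] "." v["SUBLEVEL"] }' "$1/Makefile"
}

n_hdlc_status() {    # print fixed | vulnerable | missing for <tree>
    src="$1/drivers/tty/n_hdlc.c"
    [ -f "$src" ] || { echo missing; return; }
    if grep -q -e '->tbuf' "$src"; then echo vulnerable; else echo fixed; fi
}

check_tree() {       # report one line; return 0 only when the fix is present
    st=$(n_hdlc_status "$1")
    echo "$(kernel_version "$1"): n_hdlc $st"
    [ "$st" = fixed ]
}

make_sample_tree() { # constructed fixture: <dir> <sublevel> <n_hdlc.c line>
    mkdir -p "$1/drivers/tty"
    printf 'VERSION = 3\nPATCHLEVEL = 12\nSUBLEVEL = %s\nEXTRAVERSION =\n' "$2" > "$1/Makefile"
    printf '%s\n' "$3" > "$1/drivers/tty/n_hdlc.c"
}

demo() {
    tmp=$(mktemp -d)
    # Version string bumped, driver source untouched: still vulnerable.
    make_sample_tree "$tmp/bumped" 72 'tbuf = n_hdlc->tbuf;'
    # Old version string, fix backported: reported as fixed.
    make_sample_tree "$tmp/backported" 37 'tbuf = n_hdlc_buf_get(&n_hdlc->tx_buf_list);'
    check_tree "$tmp/bumped" || true
    check_tree "$tmp/backported" || true
    rm -rf "$tmp"
}

demo
```

On a real build, point `check_tree` at the unpacked kernel work directory after the recipe's patch step has run.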