Debian Bug report logs -
#779194
kfreebsd-10: CVE-2014-0998: vt crash via ioctl
Reported by: Steven Chamberlain <steven@pyro.eu.org>
Date: Wed, 25 Feb 2015 11:39:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in versions kfreebsd-10/10.1~svn274115-2, kfreebsd-10/10.0-3
Fixed in version kfreebsd-10/10.1~svn274115-3
Done: Steven Chamberlain <steven@pyro.eu.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, steven@pyro.eu.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#779194; Package src:kfreebsd-10.
(Wed, 25 Feb 2015 11:39:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Steven Chamberlain <steven@pyro.eu.org>:
New Bug report received and forwarded. Copy sent to steven@pyro.eu.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>.
(Wed, 25 Feb 2015 11:39:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: src:kfreebsd-10
Version: 10.1~svn274115-2
Severity: grave
Tags: security upstream patch
Control: found -1 kfreebsd-10/10.0-3
Hi,
An unprivileged local user can trigger an out-of-bounds memory
access in the kernel via an ioctl to vt(4) (aka. newcons).
https://security.FreeBSD.org/patches/EN-15:01/vt.patch
Upstream's advisory only describes potential impact as a kernel panic.
The original researcher's advisory mentioned privilege escalation, but
it's ambiguous if that referred to this bug, and unclear if it could be
exploitable for that.
Debian GNU/kFreeBSD introduced newcons into 10.0-3 as a backport.
kfreebsd-10 in jessie/sid enables it by default. So does
kfreebsd-11 in experimental.
kfreebsd-8 and -9 in wheezy are unaffected as they do not have newcons.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Marked as found in versions kfreebsd-10/10.0-3.
Request was from Steven Chamberlain <steven@pyro.eu.org>
to submit@bugs.debian.org.
(Wed, 25 Feb 2015 11:39:06 GMT) (full text, mbox, link).
Reply sent
to Steven Chamberlain <steven@pyro.eu.org>:
You have taken responsibility.
(Wed, 25 Feb 2015 21:42:16 GMT) (full text, mbox, link).
Notification sent
to Steven Chamberlain <steven@pyro.eu.org>:
Bug acknowledged by developer.
(Wed, 25 Feb 2015 21:42:16 GMT) (full text, mbox, link).
Message #12 received at 779194-close@bugs.debian.org (full text, mbox, reply):
Source: kfreebsd-10
Source-Version: 10.1~svn274115-3
We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 779194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-10 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Feb 2015 12:39:32 +0000
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-3
Distribution: unstable
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description:
acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
crypto-modules-10.1-0-486-di - crypto modules (udeb)
crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
floppy-modules-10.1-0-486-di - Floppy driver (udeb)
floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
i2c-modules-10.1-0-486-di - i2c support modules (udeb)
i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
md-modules-10.1-0-486-di - RAID and LVM support (udeb)
md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
parport-modules-10.1-0-486-di - Parallel port support (udeb)
parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
plip-modules-10.1-0-486-di - PLIP drivers (udeb)
plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
ppp-modules-10.1-0-486-di - PPP drivers (udeb)
ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
sata-modules-10.1-0-486-di - SATA drivers (udeb)
sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
serial-modules-10.1-0-486-di - Serial drivers (udeb)
serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
sound-modules-10.1-0-486-di - sound support (udeb)
sound-modules-10.1-0-amd64-di - sound support (udeb)
usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
zlib-modules-10.1-0-486-di - zlib modules (udeb)
zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 779194 779195
Changes:
kfreebsd-10 (10.1~svn274115-3) unstable; urgency=high
.
* Pick SVN r279264 from FreeBSD 10.1-RELEASE to fix:
- SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
(Closes: #779195)
- EN-15:01: vt(4) crash with improper ioctl parameters
(CVE-2014-0998) (Closes: #779194)
Checksums-Sha1:
485471f1a0aaa2f649e0131eab78b5ac5d1f8c7d 11361 kfreebsd-10_10.1~svn274115-3.dsc
9b759bc8458d6975f71f9eea5e649a5ecd7303fb 142948 kfreebsd-10_10.1~svn274115-3.debian.tar.xz
97a76f10272b78209d751b2a1a6895dc12de18ba 26771298 kfreebsd-source-10.1_10.1~svn274115-3_all.deb
Checksums-Sha256:
bb17250a17684d47cd5a037dac9ec2d3190e596bfec46c63f000419a17e4d959 11361 kfreebsd-10_10.1~svn274115-3.dsc
f2bdc0cb0c8195a8795a96eab2b97aee413337c08c44b0a1bf67ce157cdc54b7 142948 kfreebsd-10_10.1~svn274115-3.debian.tar.xz
b4c08c9ec35fecb192d5c6c7a16a56cfa251b58b3865fa721605c2f639f20eef 26771298 kfreebsd-source-10.1_10.1~svn274115-3_all.deb
Files:
6a7048599c677832ca9cca6bbf29cd60 11361 kernel optional kfreebsd-10_10.1~svn274115-3.dsc
5a21b9aaea092eccbc86acb1ee02cbe5 142948 kernel optional kfreebsd-10_10.1~svn274115-3.debian.tar.xz
7ac26e3d81e277d88d03db2a3c1bcb30 26771298 kernel optional kfreebsd-source-10.1_10.1~svn274115-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJU7iXjAAoJELrpzbaMAu5TE7sH/0Z0LBiSGjvmQ1ZthfZMCQc4
2OK73C7hVlxdPsf9lht6FUuGLq/aSnVeeZQH8KXCXIyneJya88Ax2LnQJJWRHeGF
wr+riO16TW5sDTKuygIfga6+O/o6AhsZwG2DWjFVNNalBMiPdXP/MsN+oMwXWlah
tiCHUeZhZ+4d3x37ACLPto4LD4AAQBtmmc97uqwvapT20n/ABUNUrFddsHQrIiR+
P7grKeB4l3+sAUOArMsY2YnkYqmPivFcvx4sfjv3VcJWeFgKgJMysC6o0Y21BNea
O29euZ7zviBb0sZl2CVGTKmKVsDVXRIuSEQYo5Jvc0J2E7iLeLhpoLa0lLflQp4=
=Ogb/
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 08 Apr 2015 07:30:39 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:33:23 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon