Bug#720468: kfreebsd-9: CVE-2013-3077: local ip_multicast buffer overflow

2013-08-22 Thread Steven Chamberlain
Package: src:kfreebsd-9
Version: 9.0-10+deb70.2
Severity: grave
Tags: security upstream

http://security.FreeBSD.org/advisories/FreeBSD-SA-13:09.ip_multicast.asc

> integer overflow in IP_MSFILTER
>
> An integer overflow in computing the size of a temporary buffer can
> result in a buffer which is too small for the requested operation.
>
> An unprivileged process can read or write pages of memory which
> belong to the kernel.  These may lead to exposure of sensitive
> information or allow privilege escalation.

kfreebsd-8 and kfreebsd-9 in wheezy will need the patch from r254629

kfreebsd-9 in jessie/sid will need updating to r254630 or later

kfreebsd-10 in experimental will need updating to r254629 or later

kfreebsd-8 8.1 in oldstable looks to be affected too (likely introduced
in r189592 or earlier).  The same patch should be suitable.

-- System Information:
Debian Release: 7.1
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kfreebsd-image-9.0-2-amd64-xenhvm depends on:
ii  devd   9.0-10+deb70.2
ii  freebsd-utils  9.0-10+deb70.2
ii  kbdcontrol 9.0-10+deb70.2
ii  kldutils   9.0-10+deb70.2

kfreebsd-image-9.0-2-amd64-xenhvm recommends no packages.

kfreebsd-image-9.0-2-amd64-xenhvm suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
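The bug class named in the advisory summary quoted above, as an added example (not part of the original bug report and not the FreeBSD kernel code): a caller-supplied element count multiplied by an element size in 32-bit arithmetic, next to a bounded and overflow-checked version. The struct, the MAX_SOURCES limit and all function names are hypothetical, and the sample counts are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 128-byte per-source record; a stand-in, not the kernel's type. */
struct src_entry { unsigned char bytes[128]; };

/* Hypothetical policy limit on entries accepted in one request. */
#define MAX_SOURCES 128u

/* Vulnerable pattern: the byte count is computed in 32 bits, so a large
 * caller-supplied count wraps and the result is far smaller than needed. */
static uint32_t alloc_size_unchecked(uint32_t nsrcs)
{
    return nsrcs * (uint32_t)sizeof(struct src_entry);
}

/* Hardened pattern: reject counts outside the policy limit, then confirm the
 * multiplication cannot wrap before performing it.
 * Returns 0 and stores the size on success, -1 on rejection. */
static int alloc_size_checked(uint32_t nsrcs, size_t *out)
{
    if (nsrcs == 0 || nsrcs > MAX_SOURCES)
        return -1;
    if ((size_t)nsrcs > SIZE_MAX / sizeof(struct src_entry))
        return -1;
    *out = (size_t)nsrcs * sizeof(struct src_entry);
    return 0;
}

/* True when the unchecked size is too small to hold nsrcs entries. */
static int undersized(uint32_t nsrcs)
{
    uint64_t needed = (uint64_t)nsrcs * sizeof(struct src_entry);
    return (uint64_t)alloc_size_unchecked(nsrcs) < needed;
}

int main(void)
{
    uint32_t samples[] = { 16u, 0x02000001u };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t n = 0;
        int rc = alloc_size_checked(samples[i], &n);
        printf("count=%u unchecked=%u undersized=%d checked_rc=%d\n",
               (unsigned)samples[i], (unsigned)alloc_size_unchecked(samples[i]),
               undersized(samples[i]), rc);
    }
    return 0;
}
```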



Processed: Re: Bug#720468: kfreebsd-9: CVE-2013-3077: local ip_multicast buffer overflow

2013-08-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

 found 720468 kfreebsd-9/9.0~svn223109-0.1
Bug #720468 [src:kfreebsd-9] kfreebsd-9: CVE-2013-3077: local ip_multicast 
buffer overflow
Marked as found in versions kfreebsd-9/9.0~svn223109-0.1.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
720468: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720468
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#720468: kfreebsd-9: CVE-2013-3077: local ip_multicast buffer overflow

2013-08-22 Thread Robert Millan
On 22/08/2013 13:41, Steven Chamberlain wrote:
> kfreebsd-9 in jessie/sid will need updating to r254630 or later
> [...]
> kfreebsd-9 in jessie/sid will need updating to r254355 or later

These commits are in stable/9, but kfreebsd-9 in sid is tracking
releng/9.0, which doesn't have the fix AFAICS.

Maybe it would be better to wait for re@ to approve them?

-- 
Robert Millan





Bug#720468: kfreebsd-9: CVE-2013-3077: local ip_multicast buffer overflow

2013-08-22 Thread Robert Millan
On 22/08/2013 22:32, Robert Millan wrote:
> but kfreebsd-9 in sid is tracking releng/9.0

Eh, never mind. Please ignore what I said.

-- 
Robert Millan

