Bug#811278: kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:02]

To: submit@bugs.debian.org
Subject: Bug#811278: kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:02]
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Sun, 17 Jan 2016 15:49:25 +0000
Message-id: <[🔎] 20160117154924.GB89333@pyro.eu.org>
Reply-to: Steven Chamberlain <steven@pyro.eu.org>, 811278@bugs.debian.org

Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: grave
Tags: security upstream                                                                                           
Control: found -1 10.1~svn274115-10

kfreebsd's Linux binary compatibility layer (linux.ko module) may be
vulnerable to local privilege escalation.  This module is typically not
used by Debian GNU/kFreeBSD unless the system administrator has enabled
it.

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:03.linux.asc

This affects kfreebsd-10, and also kfreebsd-9 in wheezy.

Reply to:

Follow-Ups:
- Processed: kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:02]
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#811278: marked as done (kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:03])
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: kfreebsd-10: CVE-2016-1879: SCTP ICMPv6 error message vulnerability [SA-16:01]
Next by Date: Processed: kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:02]
Previous by thread: Bug#811277: marked as done (kfreebsd-10: CVE-2016-1879: SCTP ICMPv6 error message vulnerability [SA-16:01])
Next by thread: Processed: kfreebsd-10: CVE-2016-1880: Linux compatibility layer incorrect futex handling [SA-16:02]
Index(es):
- Date
- Thread