Bug#391289: marked as done (kfreebsd-5: several security issues in freebsd)

To: Aurelien Jarno <aurelien@aurel32.net>
Subject: Bug#391289: marked as done (kfreebsd-5: several security issues in freebsd)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 12 Jan 2008 17:33:06 +0000
Message-id: <[🔎] handler.391289.D391289.120015912521688.ackdone@bugs.debian.org>
References: <20080112173201.GA18189@volta.aurel32.net> <20061005200733.9606.55142.reportbug@k.lan>

Your message dated Sat, 12 Jan 2008 18:32:03 +0100
with message-id <20080112173201.GA18189@volta.aurel32.net>
and subject line kfreebsd-5: several security issues in freebsd
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kfreebsd-5: several security issues in freebsd
From: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 05 Oct 2006 22:07:33 +0200
Message-id: <20061005200733.9606.55142.reportbug@k.lan>

Package: kfreebsd-5
Severity: grave
Tags: security
Justification: user security hole


Some security issues have been found in FreeBSD that probably affect
the Debian FreeBSD kernel:

CVE-2006-4304:

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD
2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before
20060902 allows remote attackers to cause a denial of service (panic),
obtain sensitive information, and possibly execute arbitrary code via
crafted Link Control Protocol (LCP) packets with an option length that
exceeds the overall length, which triggers the overflow in (1) pppoe
and (2) ippp.  NOTE: this issue was originally incorrectly reported
for the ppp driver.

CVE-2006-4178:

Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and
possibly earlier versions down to 5.2, allows local users to cause a
denial of service (crash) via unspecified arguments that use negative
signed integers to cause the bzero function to be called with a large
length parameter, a different vulnerability than CVE-2006-4172.

CVE-2006-4172:

Integer overflow vulnerability in the i386_set_ldt call in FreeBSD
5.5, and possibly earlier versions down to 5.2, allows local users to
cause a denial of service (crash) and possibly execute arbitrary code
via unspecified vectors, a different vulnerability than CVE-2006-4178.

--- End Message ---

--- Begin Message ---

To: Stefan Fritsch <sf@sfritsch.de>
Cc: 391289-done@bugs.debian.org
Subject: Re: kfreebsd-5: several security issues in freebsd
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 12 Jan 2008 18:32:03 +0100
Message-id: <20080112173201.GA18189@volta.aurel32.net>
In-reply-to: <20061005200733.9606.55142.reportbug@k.lan>
References: <20061005200733.9606.55142.reportbug@k.lan>

On Thu, Oct 05, 2006 at 10:07:33PM +0200, Stefan Fritsch wrote:
> Package: kfreebsd-5
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> Some security issues have been found in FreeBSD that probably affect
> the Debian FreeBSD kernel:
> 
> CVE-2006-4304:
> 
> Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD
> 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before
> 20060902 allows remote attackers to cause a denial of service (panic),
> obtain sensitive information, and possibly execute arbitrary code via
> crafted Link Control Protocol (LCP) packets with an option length that
> exceeds the overall length, which triggers the overflow in (1) pppoe
> and (2) ippp.  NOTE: this issue was originally incorrectly reported
> for the ppp driver.
> 
> CVE-2006-4178:
> 
> Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and
> possibly earlier versions down to 5.2, allows local users to cause a
> denial of service (crash) via unspecified arguments that use negative
> signed integers to cause the bzero function to be called with a large
> length parameter, a different vulnerability than CVE-2006-4172.
> 
> CVE-2006-4172:
> 
> Integer overflow vulnerability in the i386_set_ldt call in FreeBSD
> 5.5, and possibly earlier versions down to 5.2, allows local users to
> cause a denial of service (crash) and possibly execute arbitrary code
> via unspecified vectors, a different vulnerability than CVE-2006-4178.
> 

kfreebsd-5 has been removed in the archive. Please use kfreebsd-6 or
kfreebsd-7 which don't have those problems.

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net

--- End Message ---

Reply to:

Prev by Date: Processed: reassign 322197 to kfreebsd-6
Next by Date: Bug#323154: marked as done (header protection in <sys/syscall.h>)
Previous by thread: Processed: reassign 322197 to kfreebsd-6
Next by thread: Bug#323154: marked as done (header protection in <sys/syscall.h>)
Index(es):
- Date
- Thread