
Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)



Your message dated Mon, 24 Oct 2011 01:52:46 +0000
with message-id <E1RI9iY-0002Pz-2j@franck.debian.org>
and subject line Bug#645377: fixed in kfreebsd-8 8.1+dfsg-8+squeeze2
has caused the Debian Bug report #645377,
regarding kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
645377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645377
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch

A buffer overflow issue in kfreebsd has been disclosed [0] along with a
PoC [1]. A patch is available [2].

I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I haven't checked those.

Best wishes,
Mike

[0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
[1] http://www.exploit-db.com/exploits/17908/
[2] http://security.freebsd.org/patches/SA-11:05/unix.patch



--- End Message ---
--- Begin Message ---
Source: kfreebsd-8
Source-Version: 8.1+dfsg-8+squeeze2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-8, which is due to be installed in the Debian FTP archive:

kfreebsd-8_8.1+dfsg-8+squeeze2.diff.gz
  to main/k/kfreebsd-8/kfreebsd-8_8.1+dfsg-8+squeeze2.diff.gz
kfreebsd-8_8.1+dfsg-8+squeeze2.dsc
  to main/k/kfreebsd-8/kfreebsd-8_8.1+dfsg-8+squeeze2.dsc
kfreebsd-headers-8-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
kfreebsd-headers-8.1-1-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8.1-1-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
kfreebsd-headers-8.1-1_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8.1-1_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
kfreebsd-image-8-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-image-8-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
kfreebsd-image-8.1-1-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-image-8.1-1-amd64_8.1+dfsg-8+squeeze2_kfreebsd-amd64.deb
kfreebsd-source-8.1_8.1+dfsg-8+squeeze2_all.deb
  to main/k/kfreebsd-8/kfreebsd-source-8.1_8.1+dfsg-8+squeeze2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 645377@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated kfreebsd-8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 18 Oct 2011 00:08:38 +0200
Source: kfreebsd-8
Binary: kfreebsd-source-8.1 kfreebsd-headers-8.1-1 kfreebsd-image-8.1-1-amd64 kfreebsd-image-8-amd64 kfreebsd-headers-8.1-1-amd64 kfreebsd-headers-8-amd64 kfreebsd-image-8.1-1-486 kfreebsd-image-8-486 kfreebsd-headers-8.1-1-486 kfreebsd-headers-8-486 kfreebsd-image-8.1-1-686 kfreebsd-image-8-686 kfreebsd-headers-8.1-1-686 kfreebsd-headers-8-686 kfreebsd-image-8.1-1-686-smp kfreebsd-image-8-686-smp kfreebsd-headers-8.1-1-686-smp kfreebsd-headers-8-686-smp
Architecture: source all kfreebsd-amd64
Version: 8.1+dfsg-8+squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 kfreebsd-headers-8-486 - header files for kernel of FreeBSD 8
 kfreebsd-headers-8-686 - header files for kernel of FreeBSD 8
 kfreebsd-headers-8-686-smp - header files for kernel of FreeBSD 8
 kfreebsd-headers-8-amd64 - header files for kernel of FreeBSD 8
 kfreebsd-headers-8.1-1 - Common architecture-specific header files for kernel of FreeBSD 8
 kfreebsd-headers-8.1-1-486 - header files for kernel of FreeBSD 8.1
 kfreebsd-headers-8.1-1-686 - header files for kernel of FreeBSD 8.1
 kfreebsd-headers-8.1-1-686-smp - header files for kernel of FreeBSD 8.1
 kfreebsd-headers-8.1-1-amd64 - header files for kernel of FreeBSD 8.1
 kfreebsd-image-8-486 - kernel of FreeBSD 8 image
 kfreebsd-image-8-686 - kernel of FreeBSD 8 image
 kfreebsd-image-8-686-smp - kernel of FreeBSD 8 image
 kfreebsd-image-8-amd64 - kernel of FreeBSD 8 image
 kfreebsd-image-8.1-1-486 - kernel of FreeBSD 8.1 image
 kfreebsd-image-8.1-1-686 - kernel of FreeBSD 8.1 image
 kfreebsd-image-8.1-1-686-smp - kernel of FreeBSD 8.1 image
 kfreebsd-image-8.1-1-amd64 - kernel of FreeBSD 8.1 image
 kfreebsd-source-8.1 - source code for kernel of FreeBSD 8.1 with Debian patches
Closes: 645377
Changes: 
 kfreebsd-8 (8.1+dfsg-8+squeeze2) stable-security; urgency=low
 .
   * Add 000_unix_socket_overflow.diff and 918_unix_socket_overflow.diff:
     Fix for FreeBSD-SA-11:05.unix / CVE-2011-4062.  (Closes: #645377)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOoaq6w3ao2vG823MRArCSAJ9SDIJDyOK/SKijWNLohzzg2Nl6rwCffDGX
E4/+/kIlGL5nrHc6rAXEfy4=
=Vezx
-----END PGP SIGNATURE-----



--- End Message ---
