Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)

To: Robert Millan <rmh@debian.org>
Subject: Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 16 Oct 2011 10:06:10 +0000
Message-id: <[🔎] handler.645377.D645377.131875943724539.ackdone@bugs.debian.org>
References: <E1RFNZT-0004Zt-H7@franck.debian.org> <[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com>

Your message dated Sun, 16 Oct 2011 10:03:55 +0000
with message-id <E1RFNZT-0004Zt-H7@franck.debian.org>
and subject line Bug#645377: fixed in kfreebsd-8 8.2-9
has caused the Debian Bug report #645377,
regarding kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
645377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645377
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org

Subject: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses

From: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Sat, 15 Oct 2011 00:10:32 -0400

Message-id: <[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com>
package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch

A buffer overflow issue in kfreebsd has been disclosed [0] along with a
poc [1]. patch is available [2].

I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I haven't checked those.

Best wishes,
Mike

[0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
[1] http://www.exploit-db.com/exploits/17908/
[2] http://security.freebsd.org/patches/SA-11:05/unix.patch
--- End Message ---

--- Begin Message ---

To: 645377-close@bugs.debian.org
Subject: Bug#645377: fixed in kfreebsd-8 8.2-9
From: Robert Millan <rmh@debian.org>
Date: Sun, 16 Oct 2011 10:03:55 +0000
Message-id: <E1RFNZT-0004Zt-H7@franck.debian.org>

Source: kfreebsd-8
Source-Version: 8.2-9

We believe that the bug you reported is fixed in the latest version of
kfreebsd-8, which is due to be installed in the Debian FTP archive:

kfreebsd-8_8.2-9.debian.tar.gz
  to main/k/kfreebsd-8/kfreebsd-8_8.2-9.debian.tar.gz
kfreebsd-8_8.2-9.dsc
  to main/k/kfreebsd-8/kfreebsd-8_8.2-9.dsc
kfreebsd-headers-8-amd64_8.2-9_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8-amd64_8.2-9_kfreebsd-amd64.deb
kfreebsd-headers-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
kfreebsd-headers-8.2-1_8.2-9_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8.2-1_8.2-9_kfreebsd-amd64.deb
kfreebsd-image-8-amd64_8.2-9_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-image-8-amd64_8.2-9_kfreebsd-amd64.deb
kfreebsd-image-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-image-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
kfreebsd-source-8.2_8.2-9_all.deb
  to main/k/kfreebsd-8/kfreebsd-source-8.2_8.2-9_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 645377@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robert Millan <rmh@debian.org> (supplier of updated kfreebsd-8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 16 Oct 2011 10:44:30 +0200
Source: kfreebsd-8
Binary: kfreebsd-source-8.2 kfreebsd-headers-8.2-1 kfreebsd-image-8.2-1-amd64 kfreebsd-image-8-amd64 kfreebsd-headers-8.2-1-amd64 kfreebsd-headers-8-amd64 kfreebsd-image-8.2-1-486 kfreebsd-image-8-486 kfreebsd-headers-8.2-1-486 kfreebsd-headers-8-486 kfreebsd-image-8.2-1-686 kfreebsd-image-8-686 kfreebsd-headers-8.2-1-686 kfreebsd-headers-8-686 kfreebsd-image-8.2-1-686-smp kfreebsd-image-8-686-smp kfreebsd-headers-8.2-1-686-smp kfreebsd-headers-8-686-smp kfreebsd-image-8.2-1-xen kfreebsd-image-8-xen kfreebsd-headers-8.2-1-xen kfreebsd-headers-8-xen kfreebsd-image-8.2-1-malta kfreebsd-image-8-malta kfreebsd-headers-8.2-1-malta kfreebsd-headers-8-malta
Architecture: source all kfreebsd-amd64
Version: 8.2-9
Distribution: unstable
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Robert Millan <rmh@debian.org>
Description: 
 kfreebsd-headers-8-486 - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-686 - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-686-smp - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-amd64 - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-malta - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-xen - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8.2-1 - Common architecture-specific header files for kernel of FreeBSD 8
 kfreebsd-headers-8.2-1-486 - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-686 - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-686-smp - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-amd64 - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-malta - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-xen - header files for kernel of FreeBSD 8.2
 kfreebsd-image-8-486 - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-686 - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-686-smp - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-amd64 - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-malta - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-xen - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8.2-1-486 - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-686 - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-686-smp - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-amd64 - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-malta - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-xen - kernel of FreeBSD 8.2 image
 kfreebsd-source-8.2 - source code for kernel of FreeBSD 8.2 with Debian patches
Closes: 645377
Changes: 
 kfreebsd-8 (8.2-9) unstable; urgency=high
 .
   * 000_unix_socket_overflow.diff: Fix for FreeBSD-SA-11:05.unix.
     (Closes: #645377)
Checksums-Sha1: 
 a41a7be2a954d7694123021323668efb1ea5a6de 3411 kfreebsd-8_8.2-9.dsc
 7fa24fe8c1efbbe615bc34fef344649c9e91a8ff 98154 kfreebsd-8_8.2-9.debian.tar.gz
 6a0ef14b769077f6c797af6df8661da587a50ec7 18737726 kfreebsd-source-8.2_8.2-9_all.deb
 b29d531f2e2071f3c6229d8e424825045d113b7b 7316138 kfreebsd-headers-8.2-1_8.2-9_kfreebsd-amd64.deb
 55f47ac68da63ae0cc11f456b6fa21425358ca42 13959250 kfreebsd-image-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
 f5f1a6362650567db4d658550582a0e58ea0aab0 48916 kfreebsd-image-8-amd64_8.2-9_kfreebsd-amd64.deb
 854cdcd114e1862e0d1424e261afffe86e3e7b74 327674 kfreebsd-headers-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
 ecae6c142de9828a795216545ec8d1b19d49a6dc 48800 kfreebsd-headers-8-amd64_8.2-9_kfreebsd-amd64.deb
Checksums-Sha256: 
 ca97d0469d2ff2cfda5c82d3dbf0e5edc0556c61ae2b2b8bf3dbb8204a1090d8 3411 kfreebsd-8_8.2-9.dsc
 3012eec4fe0bc93d9a4ae0aa42f86c904de37355815876e07c72d69c3bc0bf5b 98154 kfreebsd-8_8.2-9.debian.tar.gz
 bcce287553c28a1be0f6eb8a7f2cf0f8dfaa0847b983724717ac699bbc3fc096 18737726 kfreebsd-source-8.2_8.2-9_all.deb
 df0cb1d8dbb490299e5b262d883c67138c8349b37d6f6f5f0fc630e1ef2da251 7316138 kfreebsd-headers-8.2-1_8.2-9_kfreebsd-amd64.deb
 4e62ccbb06f890f12edc5e09902a35cd6771154ce01a9b32add5aed1d332ac67 13959250 kfreebsd-image-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
 d390e41d0f5172dba6b3eaa0ed7d23b32772754e55c099f22ade987ce2e013f5 48916 kfreebsd-image-8-amd64_8.2-9_kfreebsd-amd64.deb
 2d8f82c66dcbe9fc1bf2b1c42a926bff534e06209c82dbb1bca3b7a1aa632b7a 327674 kfreebsd-headers-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
 a42a7c66c978517b1a1da388a1766e36ec26a43c14752e0c10162d1ef83a8e01 48800 kfreebsd-headers-8-amd64_8.2-9_kfreebsd-amd64.deb
Files: 
 e66af642cafe3c70b4afaa94d2cda474 3411 kernel optional kfreebsd-8_8.2-9.dsc
 9d370c25eb56bd9c4077f8ef37f5a210 98154 kernel optional kfreebsd-8_8.2-9.debian.tar.gz
 f3b9116645a1f5c9815feff3be1c2309 18737726 kernel optional kfreebsd-source-8.2_8.2-9_all.deb
 56a9e34f87cd688d5fba970886866512 7316138 kernel optional kfreebsd-headers-8.2-1_8.2-9_kfreebsd-amd64.deb
 67f71e18bd1636087e7f8743b185ee79 13959250 kernel optional kfreebsd-image-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
 9ac928b874a465f5660835590e21f00b 48916 kernel optional kfreebsd-image-8-amd64_8.2-9_kfreebsd-amd64.deb
 13e0ab0b73187507e1fc5c5ac1803fe6 327674 kernel optional kfreebsd-headers-8.2-1-amd64_8.2-9_kfreebsd-amd64.deb
 7feedf6205bd5d62f79d9d1fe6971ddf 48800 kernel optional kfreebsd-headers-8-amd64_8.2-9_kfreebsd-amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/kFreeBSD)

iEYEARECAAYFAk6apQ0ACgkQC19io6rUCv84OACbB4pIx5bGdjlduhughhDjmQwG
unIAn1w7JcuY9VD62rG8w/P0NpzOcx5/
=MCKp
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#645377: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Bug#645469: bind() fails for AF_UNIX sockets with EINVAL
Next by Date: Processing of kfreebsd-8_8.2-9_kfreebsd-amd64.changes
Previous by thread: Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
Next by thread: Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
Index(es):
- Date
- Thread