
Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)



Your message dated Thu, 27 Oct 2011 23:18:57 +0000
with message-id <E1RJZDt-00035n-Ib@franck.debian.org>
and subject line Bug#645377: fixed in kfreebsd-8 8.2-11
has caused the Debian Bug report #645377,
regarding kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
645377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645377
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch

A buffer overflow issue in kfreebsd has been disclosed [0] along with a
PoC [1]. A patch is available [2].

I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I haven't checked those.

Best wishes,
Mike

[0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
[1] http://www.exploit-db.com/exploits/17908/
[2] http://security.freebsd.org/patches/SA-11:05/unix.patch



--- End Message ---
--- Begin Message ---
Source: kfreebsd-8
Source-Version: 8.2-11

We believe that the bug you reported is fixed in the latest version of
kfreebsd-8, which is due to be installed in the Debian FTP archive:

kfreebsd-8_8.2-11.debian.tar.gz
  to main/k/kfreebsd-8/kfreebsd-8_8.2-11.debian.tar.gz
kfreebsd-8_8.2-11.dsc
  to main/k/kfreebsd-8/kfreebsd-8_8.2-11.dsc
kfreebsd-headers-8-amd64_8.2-11_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8-amd64_8.2-11_kfreebsd-amd64.deb
kfreebsd-headers-8.2-1-amd64_8.2-11_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8.2-1-amd64_8.2-11_kfreebsd-amd64.deb
kfreebsd-headers-8.2-1_8.2-11_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-headers-8.2-1_8.2-11_kfreebsd-amd64.deb
kfreebsd-image-8-amd64_8.2-11_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-image-8-amd64_8.2-11_kfreebsd-amd64.deb
kfreebsd-image-8.2-1-amd64_8.2-11_kfreebsd-amd64.deb
  to main/k/kfreebsd-8/kfreebsd-image-8.2-1-amd64_8.2-11_kfreebsd-amd64.deb
kfreebsd-source-8.2_8.2-11_all.deb
  to main/k/kfreebsd-8/kfreebsd-source-8.2_8.2-11_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 645377@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robert Millan <rmh@debian.org> (supplier of updated kfreebsd-8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Oct 2011 21:49:27 +0200
Source: kfreebsd-8
Binary: kfreebsd-source-8.2 kfreebsd-headers-8.2-1 kfreebsd-image-8.2-1-amd64 kfreebsd-image-8-amd64 kfreebsd-headers-8.2-1-amd64 kfreebsd-headers-8-amd64 kfreebsd-image-8.2-1-486 kfreebsd-image-8-486 kfreebsd-headers-8.2-1-486 kfreebsd-headers-8-486 kfreebsd-image-8.2-1-686 kfreebsd-image-8-686 kfreebsd-headers-8.2-1-686 kfreebsd-headers-8-686 kfreebsd-image-8.2-1-686-smp kfreebsd-image-8-686-smp kfreebsd-headers-8.2-1-686-smp kfreebsd-headers-8-686-smp kfreebsd-image-8.2-1-xen kfreebsd-image-8-xen kfreebsd-headers-8.2-1-xen kfreebsd-headers-8-xen kfreebsd-image-8.2-1-malta kfreebsd-image-8-malta kfreebsd-headers-8.2-1-malta kfreebsd-headers-8-malta
Architecture: source all kfreebsd-amd64
Version: 8.2-11
Distribution: unstable
Urgency: low
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Robert Millan <rmh@debian.org>
Description: 
 kfreebsd-headers-8-486 - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-686 - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-686-smp - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-amd64 - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-malta - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8-xen - header files for kernel of FreeBSD 8 (meta-package)
 kfreebsd-headers-8.2-1 - Common architecture-specific header files for kernel of FreeBSD 8
 kfreebsd-headers-8.2-1-486 - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-686 - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-686-smp - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-amd64 - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-malta - header files for kernel of FreeBSD 8.2
 kfreebsd-headers-8.2-1-xen - header files for kernel of FreeBSD 8.2
 kfreebsd-image-8-486 - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-686 - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-686-smp - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-amd64 - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-malta - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8-xen - kernel of FreeBSD 8 image (meta-package)
 kfreebsd-image-8.2-1-486 - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-686 - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-686-smp - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-amd64 - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-malta - kernel of FreeBSD 8.2 image
 kfreebsd-image-8.2-1-xen - kernel of FreeBSD 8.2 image
 kfreebsd-source-8.2 - source code for kernel of FreeBSD 8.2 with Debian patches
Closes: 644417 645377
Changes: 
 kfreebsd-8 (8.2-11) unstable; urgency=low
 .
   [ Aurelien Jarno ]
   * Update 000_unix_socket_overflow.diff from the second security advisory,
     fixing the same issue on the Linux compatibility layer. Closes: #645377.
 .
   [ Robert Millan ]
   * Fix panic on early boot.  (Closes: #644417)
     - Switch back to GCC 4.4.
     - Turn optimization down to -O1 (901_disable_optimization_2.diff).
   * Remove 907_cpu_class.diff (it breaks FreeBSD userland when running
     in a chroot on Debian kernel).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/kFreeBSD)

iEYEARECAAYFAk6p2o0ACgkQC19io6rUCv/P4QCgi7o3X6Nv5q6KyDDqGJGlrxz/
qcMAn2wC9diB0t1Z1U0w43UDLKKsysKD
=eOWY
-----END PGP SIGNATURE-----



--- End Message ---
