
Bug#722336: kfreebsd-9: CVE-2013-5666: sendfile kernel memory disclosure



On 10/09/13 14:20, Ed Maste wrote:
> This is fixed in stable/9 in r255443.  The offending commit was already
> reverted from the 9.2 branch prior to 9.2-RC3 for other reasons.

I suspected that might be the case but didn't have time to look into it
yet.  Thanks very much for saying so!

Please could one of the DDs on the team upload (urgency=medium or high?)
a new upstream snapshot of r255444 to unstable, which includes fixes for:

  - sendfile kernel memory disclosure [SA-13:11]
    (CVE-2013-5666) (Closes #722336)
  - ifioctl credential checks missing [SA-13:12]
    (CVE-2013-5691) (Closes: #722338)
  - nullfs hardlinks across mounts [SA-13:13]
    (CVE-2013-5710) (Closes: #722337)

Thanks,
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

