
Bug#750493: kfreebsd-9: CVE-2014-3873: ktrace kernel memory disclosure



Package: src:kfreebsd-9
Version: 9.2-2
Severity: grave
Tags: security upstream
User: debian-bsd@lists.debian.org
Usertags: kfreebsd
Control: notfound -1 kfreebsd-9/9.0-10+deb70.6

Hi,

Upstream advisory FreeBSD-SA-14:12.ktrace reports a kernel memory
disclosure affecting kfreebsd-9:
http://security.FreeBSD.org/advisories/FreeBSD-SA-14:12.ktrace.asc

Versions 9.1 and 9.2 are mentioned as affected.  Version 9.0 is not
mentioned because it's not an officially supported release upstream.

As best as I can tell, it did not affect 9.0 because it was introduced
by the merge of r237663;  I don't fully understand it yet though.

Version 8.4 is mentioned as affected.  But similarly I think it
was introduced by r237664 and doesn't affect 8.3 in wheezy.

It specifically did not affect kfreebsd-10; it had the correct code in
the first place.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

