Bug#768108: marked as done (kfreebsd-10: CVE-2014-8476: getlogin kernel memory disclosure)
Your message dated Sun, 28 Dec 2014 12:04:18 +0000
with message-id <E1Y5Ca2-0008NS-Lo@franck.debian.org>
and subject line Bug#768108: fixed in kfreebsd-10 10.1~svn274115-1
has caused the Debian Bug report #768108,
regarding kfreebsd-10: CVE-2014-8476: getlogin kernel memory disclosure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
768108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768108
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: kfreebsd-9: CVE-2014-8476: getlogin kernel memory disclosure
- From: Steven Chamberlain <steven@pyro.eu.org>
- Date: Wed, 05 Nov 2014 01:05:08 +0000
- Message-id: <20141105010508.23768.54845.reportbug@sid.kfreebsd-amd64.pyro.eu.org>
Package: src:kfreebsd-9
Version: 9.0-10+deb70.7
Severity: grave
Tags: security patch upstream
Hi,
kfreebsd 9.0 (not officially supported upstream) seems vulnerable to an
issue just announced in 9.1 and later:
http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
kfreebsd-8 8.3 in wheezy, kfreebsd-10 in sid/jessie, and kfreebsd-11 in
experimental also seem to be affected by this.
-- System Information:
Debian Release: jessie/sid
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-1
We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 768108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Egger <christoph@debian.org> (supplier of updated kfreebsd-10 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 28 Dec 2014 12:41:02 +0100
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-1
Distribution: unstable
Urgency: medium
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Christoph Egger <christoph@debian.org>
Description:
acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
crypto-modules-10.1-0-486-di - crypto modules (udeb)
crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
floppy-modules-10.1-0-486-di - Floppy driver (udeb)
floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
i2c-modules-10.1-0-486-di - i2c support modules (udeb)
i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
md-modules-10.1-0-486-di - RAID and LVM support (udeb)
md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
parport-modules-10.1-0-486-di - Parallel port support (udeb)
parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
plip-modules-10.1-0-486-di - PLIP drivers (udeb)
plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
ppp-modules-10.1-0-486-di - PPP drivers (udeb)
ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
sata-modules-10.1-0-486-di - SATA drivers (udeb)
sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
serial-modules-10.1-0-486-di - Serial drivers (udeb)
serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
sound-modules-10.1-0-486-di - sound support (udeb)
sound-modules-10.1-0-amd64-di - sound support (udeb)
usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
zlib-modules-10.1-0-486-di - zlib modules (udeb)
zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 767583 768108
Changes:
kfreebsd-10 (10.1~svn274115-1) unstable; urgency=medium
.
[ Steven Chamberlain ]
* New upstream snapshot of 10.1-RC4+
- Fix kernel stack disclosure in setlogin(2) / getlogin(2). [SA-14:25]
(CVE-2014-8476) (Closes: #768108)
* Replace non-DFSG-free ar9300_devid.h with a 3-clause BSD substitute
derived from Linux ath9k driver (Closes: #767583)
* Build kernel images only on kfreebsd-any arches, so that any
security or other RC-severity kernel bugs will not affect the
official jessie release
.
[ Christoph Egger ]
* Upload to unstable
Checksums-Sha1:
9b62cb75e7e4f341dfb609e6459dced5b2c0b99d 11686 kfreebsd-10_10.1~svn274115-1.dsc
766e79e5621c14051048ac35b59ca6f4ace5ea01 26642632 kfreebsd-10_10.1~svn274115.orig.tar.xz
3458c8f42c1ba8662423c0a66628fbb9f3a994df 141036 kfreebsd-10_10.1~svn274115-1.debian.tar.xz
cb0d2ab940136aaa6f63a615de36789a06554e71 26547260 kfreebsd-source-10.1_10.1~svn274115-1_all.deb
Checksums-Sha256:
e8619b8dad812038067a162d8af7733da773dc1439e0ba18df6ce419bd14db7d 11686 kfreebsd-10_10.1~svn274115-1.dsc
8d40a683c01682f8e86318ad37824fc2e3c4656901a0cf3d94aca3a546f4d28f 26642632 kfreebsd-10_10.1~svn274115.orig.tar.xz
bbdfbb4c886b35b1e4c8ba4a9d62564c3bdc2a8bf3fd82d96e8079e7c65d19ad 141036 kfreebsd-10_10.1~svn274115-1.debian.tar.xz
d8beca6a276efe7504d583443655f237b6e60579963a31ae6ab289ae6477ec25 26547260 kfreebsd-source-10.1_10.1~svn274115-1_all.deb
Files:
ba9294a983e1ce32bc61a628ad2a464b 11686 kernel optional kfreebsd-10_10.1~svn274115-1.dsc
3cb711d5ac350075f41b9c36321b262e 26642632 kernel optional kfreebsd-10_10.1~svn274115.orig.tar.xz
6d502df0dbaf1072d460e1c3e54e5b84 141036 kernel optional kfreebsd-10_10.1~svn274115-1.debian.tar.xz
668644c56a96e4493f41f7bb337eb38b 26547260 kernel optional kfreebsd-source-10.1_10.1~svn274115-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUn+41AAoJEKv/7bJACMb5OVAQALKPcauUF4JhKDvyPY1uoVWP
7x1dy9i6itItxbOiuI8jx3YNLSTNG+YFGFiEAMuorHX+dSlIQH0UUpwoTBsBbGMB
aAAbOgzvlbcyL944atIqp9GLb4PZr2nW+99wpnmb3QiCw54OkRGPggxan0ILKD1J
rJ2aDhmeL2Rg4J2ubeMf7e3crsprCH7d2spBuyrn+k0Uny/RyuB3aumIrq70yl0E
il8Lq0+ci75iRBWZcBTvkGto7evL0Lse08eC59KqtC31077VIy3Zew5RCH5WTcUA
XrsZqjEJNY/5tiIondP0zETWl+GcrV8EBtK7QMhIVaWiEUVxgQ4580l3vGhaPkZa
sb7Ws3iw34TMwQC/8AwfEByzHfGSyrZwSFhNxfB5asQVEHPSsiiuEtRDPqQXG8CA
VeYFBhJ0zRdh2s82iHXqSK2SRpJiCUnQHfKMBoVYn5Mk2Ve59ZqIumyrzDMks6G4
Mn+sZWx2rQwTuN53Cko56PAvNHKYjn0WUkJuA/6nrmSK9AgEPb5G35Ulc5p+MJUA
RCzzJ8Pk8qzPfYcgEnWWgHWfv3UndKW7uW9pV07LUm28BsDe0Z6FxbbAGVQhqAdS
151yHc8hq5k183p2hIoZho9nEdvRuhmXNYJkWLPJwyHr2e+ltgdobP++XVzlcGWb
GFe3v6XEpgNY2F3fOPzk
=Skw9
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: