[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#779195: marked as done (kfreebsd-10: CVE-2015-1414: DoS via IGMP packet)

Your message dated Wed, 25 Feb 2015 21:38:08 +0000
with message-id <E1YQjei-0001AO-Ox@franck.debian.org>
and subject line Bug#779195: fixed in kfreebsd-10 10.1~svn274115-3
has caused the Debian Bug report #779195,
regarding kfreebsd-10: CVE-2015-1414: DoS via IGMP packet
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

779195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779195
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:kfreebsd-10
Version: 10.1~svn274115-2
Severity: grave
Tags: security upstream patch


A remote DoS was reported in FreeBSD's IGMP packet handling:

This affects all our kfreebsd-8, -9, -10 and -11 packages.

I don't know yet if this can be exploited over the public Internet
or only on a local network segment.

As a mitigation, the PF firewall can probably be configured to block
'proto igmp' packets before the kernel processes them.  

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-3

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779195@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Hash: SHA256

Format: 1.8
Date: Wed, 25 Feb 2015 12:39:32 +0000
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-3
Distribution: unstable
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
 acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
 acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
 cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
 cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
 crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
 crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
 crypto-modules-10.1-0-486-di - crypto modules (udeb)
 crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
 ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
 ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
 fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
 fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
 floppy-modules-10.1-0-486-di - Floppy driver (udeb)
 floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
 i2c-modules-10.1-0-486-di - i2c support modules (udeb)
 i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
 ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
 ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
 isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
 isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
 kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
 kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
 kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
 kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
 kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
 kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
 loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
 loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
 md-modules-10.1-0-486-di - RAID and LVM support (udeb)
 md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
 mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
 mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
 mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
 mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
 nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
 nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
 nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
 nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
 nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
 nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
 nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
 nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
 nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
 nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
 nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
 nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
 nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
 nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
 parport-modules-10.1-0-486-di - Parallel port support (udeb)
 parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
 plip-modules-10.1-0-486-di - PLIP drivers (udeb)
 plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
 ppp-modules-10.1-0-486-di - PPP drivers (udeb)
 ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
 reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
 reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
 sata-modules-10.1-0-486-di - SATA drivers (udeb)
 sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
 scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
 scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
 scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
 scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
 scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
 scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
 serial-modules-10.1-0-486-di - Serial drivers (udeb)
 serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
 sound-modules-10.1-0-486-di - sound support (udeb)
 sound-modules-10.1-0-amd64-di - sound support (udeb)
 usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
 usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
 zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
 zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
 zlib-modules-10.1-0-486-di - zlib modules (udeb)
 zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 779194 779195
 kfreebsd-10 (10.1~svn274115-3) unstable; urgency=high
   * Pick SVN r279264 from FreeBSD 10.1-RELEASE to fix:
     - SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
       (Closes: #779195)
     - EN-15:01: vt(4) crash with improper ioctl parameters
       (CVE-2014-0998) (Closes: #779194)
 485471f1a0aaa2f649e0131eab78b5ac5d1f8c7d 11361 kfreebsd-10_10.1~svn274115-3.dsc
 9b759bc8458d6975f71f9eea5e649a5ecd7303fb 142948 kfreebsd-10_10.1~svn274115-3.debian.tar.xz
 97a76f10272b78209d751b2a1a6895dc12de18ba 26771298 kfreebsd-source-10.1_10.1~svn274115-3_all.deb
 bb17250a17684d47cd5a037dac9ec2d3190e596bfec46c63f000419a17e4d959 11361 kfreebsd-10_10.1~svn274115-3.dsc
 f2bdc0cb0c8195a8795a96eab2b97aee413337c08c44b0a1bf67ce157cdc54b7 142948 kfreebsd-10_10.1~svn274115-3.debian.tar.xz
 b4c08c9ec35fecb192d5c6c7a16a56cfa251b58b3865fa721605c2f639f20eef 26771298 kfreebsd-source-10.1_10.1~svn274115-3_all.deb
 6a7048599c677832ca9cca6bbf29cd60 11361 kernel optional kfreebsd-10_10.1~svn274115-3.dsc
 5a21b9aaea092eccbc86acb1ee02cbe5 142948 kernel optional kfreebsd-10_10.1~svn274115-3.debian.tar.xz
 7ac26e3d81e277d88d03db2a3c1bcb30 26771298 kernel optional kfreebsd-source-10.1_10.1~svn274115-3_all.deb

Version: GnuPG v2


--- End Message ---

Reply to: