Bug#796996: marked as done (kfreebsd-10: CVE-2015-5675: IRET privilege escalation)
Your message dated Sat, 29 Aug 2015 15:54:59 +0000
with message-id <E1ZViT5-0000oE-89@franck.debian.org>
and subject line Bug#796996: fixed in kfreebsd-10 10.1~svn274115-10
has caused the Debian Bug report #796996,
regarding kfreebsd-10: CVE-2015-5675: IRET privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
796996: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796996
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kfreebsd-10
Version: 10.1~svn274115-9
Severity: grave
Tags: security upstream patch
Hi,
Local users can trigger a kernel panic, or possibly escalate privileges,
by exploiting a flaw in the IRET handler in kfreebsd-9 and -10:
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc
kfreebsd-8 may also be affected, but that release no longer
has security support.
kfreebsd-11 was fixed long ago in SVN r275833.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-10
We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 796996@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-10 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 22 Aug 2015 00:58:41 +0100
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
zlib-modules-10.1-0-486-di
Architecture: source
Version: 10.1~svn274115-10
Distribution: unstable
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description:
acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
crypto-modules-10.1-0-486-di - crypto modules (udeb)
crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
floppy-modules-10.1-0-486-di - Floppy driver (udeb)
floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
i2c-modules-10.1-0-486-di - i2c support modules (udeb)
i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
md-modules-10.1-0-486-di - RAID and LVM support (udeb)
md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
parport-modules-10.1-0-486-di - Parallel port support (udeb)
parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
plip-modules-10.1-0-486-di - PLIP drivers (udeb)
plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
ppp-modules-10.1-0-486-di - PPP drivers (udeb)
ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
sata-modules-10.1-0-486-di - SATA drivers (udeb)
sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
serial-modules-10.1-0-486-di - Serial drivers (udeb)
serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
sound-modules-10.1-0-486-di - sound support (udeb)
sound-modules-10.1-0-amd64-di - sound support (udeb)
usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
zlib-modules-10.1-0-486-di - zlib modules (udeb)
zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 796996
Changes:
kfreebsd-10 (10.1~svn274115-10) unstable; urgency=high
.
[ Christoph Egger ]
* Make kfreebsd-source multi-arch foreign
.
[ Steven Chamberlain ]
* Pick SVN r287146 from FreeBSD 10.1-RELEASE:
- SA-15:21: Fix local privilege escalation in IRET handler.
(CVE-2015-5675) (Closes: #796996)
- EN-15:14: Disabled ixgbe(4) flow-director support, due to an
implementation bug.
Checksums-Sha1:
d590f3f332111c0ee4d0375efc8f6441a445222b 11345 kfreebsd-10_10.1~svn274115-10.dsc
575ee3256ee00f458375b5032a1127053fa7431b 151104 kfreebsd-10_10.1~svn274115-10.debian.tar.xz
Checksums-Sha256:
8785aea8dce2962f13a4c0549eade5e872d6e4db62cf271040e62ca3fe386858 11345 kfreebsd-10_10.1~svn274115-10.dsc
7cfa0f2492dfb59218a1b07a22b3e9f6b78439bd49011e5d0437cc381de5c242 151104 kfreebsd-10_10.1~svn274115-10.debian.tar.xz
Files:
b472e1a89b13a11460b56665a875b788 11345 kernel optional kfreebsd-10_10.1~svn274115-10.dsc
f76fa7e7e82a5103b8683162bace06af 151104 kernel optional kfreebsd-10_10.1~svn274115-10.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJV4cUgAAoJELrpzbaMAu5T6UwH/Rg+95SOo17HAzbBgLbfRoI2
aX67ZeurCweLoMYs5E95pjrx0xPn328xyvYqFjECsIzXPw0Z8LSozqoEG6VyKpQ5
9a2mpJ01oXwbW3yQHs6qfm2WKuXAEYx/yEXbyr/qzcNNuNeR9+NvugPp4bp0quFg
9/Pvgu3KP38HneqN0P68mjFFNT+6jGkc9nmxF9hLCLJPPACoAEvHVZuB1tFLvBPU
6trc5kNG/OPYb+Jhrf1ACd9rNBq6jGHiK5iL/FrS2J+UGwWAnVP3n1Z/qFYOeVKX
ngD5jmWW1Ae/Izx2rkCUdg065RWFItovW3lGdVu1WRdpy6oe76A59CNwDf26xOQ=
=E3jg
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: