
Bug#796996: marked as done (kfreebsd-10: CVE-2015-5675: IRET privilege escalation)



Your message dated Sat, 07 Nov 2015 17:20:54 +0000
with message-id <E1Zv7Ac-0007Ej-Ju@franck.debian.org>
and subject line Bug#796996: fixed in kfreebsd-10 10.1~svn274115-4+kbsd8u1
has caused the Debian Bug report #796996,
regarding kfreebsd-10: CVE-2015-5675: IRET privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
796996: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796996
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kfreebsd-10
Version: 10.1~svn274115-9
Severity: grave
Tags: security upstream patch

Hi,

Local users can trigger a kernel panic, or possibly escalate privileges,
by exploiting a flaw in the IRET handler in kfreebsd-9 and -10:
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc

kfreebsd-8 may also be affected, but that release no longer
has security support.

kfreebsd-11 was fixed long ago in SVN r275833.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4+kbsd8u1

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 796996@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 23 May 2015 14:57:14 +0100
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-4+kbsd8u1
Distribution: jessie-kfreebsd
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description:
 acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
 acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
 cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
 cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
 crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
 crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
 crypto-modules-10.1-0-486-di - crypto modules (udeb)
 crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
 ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
 ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
 fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
 fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
 floppy-modules-10.1-0-486-di - Floppy driver (udeb)
 floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
 i2c-modules-10.1-0-486-di - i2c support modules (udeb)
 i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
 ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
 ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
 isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
 isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
 kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
 kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
 kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
 kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
 kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
 kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
 loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
 loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
 md-modules-10.1-0-486-di - RAID and LVM support (udeb)
 md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
 mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
 mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
 mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
 mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
 nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
 nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
 nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
 nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
 nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
 nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
 nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
 nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
 nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
 nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
 nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
 nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
 nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
 nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
 parport-modules-10.1-0-486-di - Parallel port support (udeb)
 parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
 plip-modules-10.1-0-486-di - PLIP drivers (udeb)
 plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
 ppp-modules-10.1-0-486-di - PPP drivers (udeb)
 ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
 reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
 reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
 sata-modules-10.1-0-486-di - SATA drivers (udeb)
 sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
 scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
 scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
 scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
 scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
 scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
 scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
 serial-modules-10.1-0-486-di - Serial drivers (udeb)
 serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
 sound-modules-10.1-0-486-di - sound support (udeb)
 sound-modules-10.1-0-amd64-di - sound support (udeb)
 usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
 usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
 zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
 zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
 zlib-modules-10.1-0-486-di - zlib modules (udeb)
 zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 786615 786619 788238 796996
Changes:
 kfreebsd-10 (10.1~svn274115-4+kbsd8u1) jessie-kfreebsd; urgency=high
 .
   * Create tarballs of upstream source, and of the kfreebsd-source
     binary-indep package, using a reproducible stable file order.
     (Closes: #786615)
   * In the kfreebsd-source binary-indep package, clamp timestamps
     to be no later than the last debian/changelog entry.
     (Closes: #788238)
   * Pick SVN r282873 from FreeBSD 10.1-RELEASE:
     - EN-15:05: Fix deadlock on reboot with UFS tuned with SU+J.
       (Closes: #786619)
   * Pick SVN r287146 from FreeBSD 10.1-RELEASE:
     - SA-15:21: Fix local privilege escalation in IRET handler.
       (CVE-2015-5675) (Closes: #796996)
     - EN-15:14: Disabled ixgbe(4) flow-director support, due to an
       implementation bug.
   * Pick SVN r290362 from FreeBSD 10.1-RELEASE:
     - EN-15:19: Fix kqueue write events never fired for files greater than 2GB.
     - EN-15:20: Fix applications exiting due to segmentation violation on a
       correct memory address.
Checksums-Sha1:
 609ae25edbaeb7bb349ffbdd08af49cd65f77585 11391 kfreebsd-10_10.1~svn274115-4+kbsd8u1.dsc
 87c5aa3134923e2e50a9e61e4a39834db4c665d3 147812 kfreebsd-10_10.1~svn274115-4+kbsd8u1.debian.tar.xz
 86c4f956e6c991965efedc92b710c108beedfd5f 26268924 kfreebsd-source-10.1_10.1~svn274115-4+kbsd8u1_all.deb
Checksums-Sha256:
 9be6500e4aefab43d2dcc77915c409e899330feba938790848723afb126c6bdd 11391 kfreebsd-10_10.1~svn274115-4+kbsd8u1.dsc
 1a0fa656a51ffcf027d17f360fe2ace947e7cfb3ec4d7cd43dd7dad81025098e 147812 kfreebsd-10_10.1~svn274115-4+kbsd8u1.debian.tar.xz
 6f98ce3af82b0279b993fdf68891fb852fc3ac1526bbd6ef2150ec39a844cde9 26268924 kfreebsd-source-10.1_10.1~svn274115-4+kbsd8u1_all.deb
Files:
 05db1f8c65e1c35c7b328397da455b3f 11391 kernel optional kfreebsd-10_10.1~svn274115-4+kbsd8u1.dsc
 8b2cc52cf52873f7f044cb0027ea4b0c 147812 kernel optional kfreebsd-10_10.1~svn274115-4+kbsd8u1.debian.tar.xz
 a5ddc1112a3e6ec463bf78fa9587e52b 26268924 kernel optional kfreebsd-source-10.1_10.1~svn274115-4+kbsd8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
