[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#796996: kfreebsd-10: CVE-2015-5675: IRET privilege escalation

Package: kfreebsd-10
Version: 10.1~svn274115-9
Severity: grave
Tags: security upstream patch

Hi,

Local users can trigger a kernel panic, or possibly escalate privileges,
by exploiting a flaw in the IRET handler in kfreebsd-9 and -10:
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc

kfreebsd-8 may also be affected, but that release no longer
has security support.

kfreebsd-11 was fixed long ago in SVN r275833.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: