Bug#811279: kfreebsd-10: CVE-2016-1881: Linux compatibility layer setgroups(2) system call vulnerability [SA-16:04]
Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u1
Severity: grave
Tags: security upstream
Control: found -1 10.1~svn274115-10
kfreebsd's Linux binary compatibility layer (linux.ko module) may
vulnerable to local privilege escalation or denial of service (kernel
panic). This module is typically not used by Debian GNU/kFreeBSD unless
the system administrator has enabled it.
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:04.linux.asc
This affects kfreebsd-10, and also kfreebsd-9 in wheezy.
Reply to: