Bug#818423: kfreebsd-10: CVE-2016-1883: Linux compatibility layer issetugid(2) system call vulnerability

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#818423: kfreebsd-10: CVE-2016-1883: Linux compatibility layer issetugid(2) system call vulnerability
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Wed, 16 Mar 2016 23:11:26 +0000
Message-id: <[🔎] 145816988643.84275.1851780611342799556.reportbug@sid.kfreebsd-amd64.pyro.eu.org>
Reply-to: Steven Chamberlain <steven@pyro.eu.org>, 818423@bugs.debian.org

Package: src:kfreebsd-10
Version: 10.1~svn274115-4+kbsd8u2
Severity: important
Tags: security upstream

kfreebsd's Linux binary compatibility layer (linux.ko module) has a
programming error that could allow for privilege esclation to happen.
Although, this feature is not typically used by Debian GNU/kFreeBSD
unless the system administrator has enabled it.

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:10.linux.asc

This affects kfreebsd-10, and also kfreebsd-9 in wheezy.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 10.1-0-amd64
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Follow-Ups:
- Bug#818423: marked as done (kfreebsd-10: CVE-2016-1883: Linux compatibility layer issetugid(2) system call vulnerability)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Bug#818233: Fails to build from source on kfreebsd-amd64
Next by Date: Bug#818426: kfreebsd-10: CVE-2016-1885: incorrect argument validation in sysarch(2)
Previous by thread: Re: releasing jessie-kfreebsd (was: kfreebsd IRC meeting?)
Next by thread: Bug#818423: marked as done (kfreebsd-10: CVE-2016-1883: Linux compatibility layer issetugid(2) system call vulnerability)
Index(es):
- Date
- Thread