[Glibc-bsd-commits] r4811 - in branches/wheezy/kfreebsd-9/debian: . patches
Steven Chamberlain
stevenc-guest at alioth.debian.org
Sun Jul 28 17:19:04 UTC 2013
Author: stevenc-guest
Date: 2013-07-28 17:19:03 +0000 (Sun, 28 Jul 2013)
New Revision: 4811
Added:
branches/wheezy/kfreebsd-9/debian/patches/SA-13_08.nfsserver.patch
Modified:
branches/wheezy/kfreebsd-9/debian/changelog
branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
Incorrect privilege validation in the NFS server (Closes: #717958)
Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog 2013-07-28 16:23:27 UTC (rev 4810)
+++ branches/wheezy/kfreebsd-9/debian/changelog 2013-07-28 17:19:03 UTC (rev 4811)
@@ -1,3 +1,11 @@
+kfreebsd-9 (9.0-10+deb70.3) UNRELEASED; urgency=high
+
+ * Team upload.
+ * Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
+ Incorrect privilege validation in the NFS server (Closes: #717958)
+
+ -- Steven Chamberlain <steven at pyro.eu.org> Sun, 28 Jul 2013 18:15:26 +0100
+
kfreebsd-9 (9.0-10+deb70.2) wheezy-security; urgency=high
* Team upload.
Added: branches/wheezy/kfreebsd-9/debian/patches/SA-13_08.nfsserver.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-13_08.nfsserver.patch (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-13_08.nfsserver.patch 2013-07-28 17:19:03 UTC (rev 4811)
@@ -0,0 +1,23 @@
+Description:
+ Fix a bug that allows remote client bypass the normal
+ access checks when when -network or -host restrictions
+ are used at the same time with -mapall. [13:08]
+ (CVE-2013-4851)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch
+Bug: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
+Bug-Debian: http://bugs.debian.org/717958
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=253693
+
+Index: kfreebsd-9-9.0/sys/kern/vfs_export.c
+===================================================================
+--- kfreebsd-9-9.0.orig/sys/kern/vfs_export.c 2009-09-28 19:07:16.000000000 +0100
++++ kfreebsd-9-9.0/sys/kern/vfs_export.c 2013-07-28 18:13:25.223547283 +0100
+@@ -208,7 +208,7 @@
+ np->netc_anon = crget();
+ np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
+ crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+- np->netc_anon->cr_groups);
++ argp->ex_anon.cr_groups);
+ np->netc_anon->cr_prison = &prison0;
+ prison_hold(np->netc_anon->cr_prison);
+ np->netc_numsecflavors = argp->ex_numsecflavors;
Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series 2013-07-28 16:23:27 UTC (rev 4810)
+++ branches/wheezy/kfreebsd-9/debian/patches/series 2013-07-28 17:19:03 UTC (rev 4811)
@@ -10,6 +10,7 @@
SA-12_08.linux.patch
SA-13_05.nfsserver.patch
SA-13_06.mmap.patch
+SA-13_08.nfsserver.patch
# Other patches that might or might not be mergeable
001_misc.diff
More information about the Glibc-bsd-commits
mailing list