[Glibc-bsd-commits] r5638 - in branches/wheezy/kfreebsd-9/debian: . patches

stevenc-guest at alioth.debian.org
Wed Oct 15 13:43:38 UTC 2014


Author: stevenc-guest
Date: 2014-10-15 13:43:38 +0000 (Wed, 15 Oct 2014)
New Revision: 5638

Added:
   branches/wheezy/kfreebsd-9/debian/patches/SA-14_17.kern.patch
Modified:
   branches/wheezy/kfreebsd-9/debian/changelog
   branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Pick SVN 268432 from FreeBSD 9-STABLE to fix SA-14:17:
- kernel memory disclosure in sockbuf control message
  (CVE-2014-3952) (Closes: #754236)


Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog	2014-10-15 09:31:06 UTC (rev 5637)
+++ branches/wheezy/kfreebsd-9/debian/changelog	2014-10-15 13:43:38 UTC (rev 5638)
@@ -1,3 +1,11 @@
+kfreebsd-9 (9.0-10+deb70.8) UNRELEASED; urgency=low
+
+  * Team upload.
+  * Pick SVN 268432 from FreeBSD 9-STABLE to fix SA-14:17:
+    - kernel memory disclosure in sockbuf control message
+      (CVE-2014-3952) (Closes: #754236))
+ -- Steven Chamberlain <steven at pyro.eu.org>  Tue, 08 Jul 2014 23:03:16 +0000
+
 kfreebsd-9 (9.0-10+deb70.7) wheezy-security; urgency=high
 
   * Team upload.
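
Review bot: The new 9.0-10+deb70.8 entry has a stray second closing parenthesis in "(Closes: #754236))" and no blank line between the last change line and the " -- Steven Chamberlain" trailer, which changelog entries conventionally have. The entry also sets urgency=low for a CVE fix while the preceding wheezy-security upload used urgency=high, and the trailer date (08 Jul 2014) is older than this commit (15 Oct 2014). Drop the extra parenthesis, add the blank line, and refresh the urgency and date when the entry moves from UNRELEASED to its target suite.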

Added: branches/wheezy/kfreebsd-9/debian/patches/SA-14_17.kern.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-14_17.kern.patch	                        (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-14_17.kern.patch	2014-10-15 13:43:38 UTC (rev 5638)
@@ -0,0 +1,21 @@
+Description:
+ Fix kernel memory disclosure in sockbuf control message (CVE-2014-3952)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-14:17/kmem.patch
+Bug: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:17.kmem.asc
+Bug-Debian: http://bugs.debian.org/754236
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=268432
+
+--- kfreebsd-9-9.0.orig/sys/kern/uipc_sockbuf.c
++++ kfreebsd-9-9.0/sys/kern/uipc_sockbuf.c
+@@ -1011,6 +1011,11 @@
+ 	m->m_len = 0;
+ 	KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m),
+ 	    ("sbcreatecontrol: short mbuf"));
++	/*
++	 * Don't leave the padding between the msg header and the
++	 * cmsg data and the padding after the cmsg data un-initialized.
++	 */
++	bzero(cp, CMSG_SPACE((u_int)size));
+ 	if (p != NULL)
+ 		(void)memcpy(CMSG_DATA(cp), p, size);
+ 	m->m_len = CMSG_SPACE(size);
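
Review bot: In the DEP-3 header the Description: field is empty on its own line and the synopsis sits on the continuation line; put "Fix kernel memory disclosure in sockbuf control message (CVE-2014-3952)" on the Description: line itself so tools that read the short description pick it up. In the kernel hunk, the bzero() length CMSG_SPACE((u_int)size) matches the bound checked by the KASSERT above it, and because it runs before the memcpy() it also covers the p == NULL path, where the data area is now zeroed rather than left with whatever the mbuf held. The unchanged m->m_len line uses CMSG_SPACE(size) without the (u_int) cast, so it would help to state in the header that the zeroed length and the length exposed through m_len are the same value.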

Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series	2014-10-15 09:31:06 UTC (rev 5637)
+++ branches/wheezy/kfreebsd-9/debian/patches/series	2014-10-15 13:43:38 UTC (rev 5638)
@@ -21,6 +21,7 @@
 SA-14_05.nfsserver.patch
 SA-14_08.tcp.patch
 EN-14_06.exec.patch
+SA-14_17.kern.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff
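
Review bot: The new series entry is named SA-14_17.kern.patch, but the advisory it carries is FreeBSD-SA-14:17.kmem (see the Origin: and Bug: URLs in the patch header), and the neighbouring entries SA-14_05.nfsserver.patch and SA-14_08.tcp.patch appear to keep the advisory's own suffix. Consider renaming the file and this line to SA-14_17.kmem.patch so the patch can be found by advisory name.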



