[Glibc-bsd-commits] r5696 - in trunk/kfreebsd-10/debian: . patches
stevenc-guest at alioth.debian.org
Wed Feb 25 12:44:49 UTC 2015
Author: stevenc-guest
Date: 2015-02-25 12:44:49 +0000 (Wed, 25 Feb 2015)
New Revision: 5696
Added:
trunk/kfreebsd-10/debian/patches/EN-15_01.vt.patch
trunk/kfreebsd-10/debian/patches/SA-15_04.igmp.patch
Modified:
trunk/kfreebsd-10/debian/changelog
trunk/kfreebsd-10/debian/patches/series
Log:
Pick SVN r279264 from FreeBSD 10.1-RELEASE to fix:
- SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
(Closes: #779195)
- EN-15:01: vt(4) crash with improper ioctl parameters
(CVE-2014-0998) (Closes: #779194)
Modified: trunk/kfreebsd-10/debian/changelog
===================================================================
--- trunk/kfreebsd-10/debian/changelog 2015-02-24 22:49:05 UTC (rev 5695)
+++ trunk/kfreebsd-10/debian/changelog 2015-02-25 12:44:49 UTC (rev 5696)
@@ -1,3 +1,13 @@
+kfreebsd-10 (10.1~svn274115-3) UNRELEASED; urgency=high
+
+ * Pick SVN r279264 from FreeBSD 10.1-RELEASE to fix:
+ - SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
+ (Closes: #779195)
+ - EN-15:01: vt(4) crash with improper ioctl parameters
+ (CVE-2014-0998) (Closes: #779194)
+
+ -- Steven Chamberlain <steven at pyro.eu.org> Wed, 25 Feb 2015 12:39:32 +0000
+
kfreebsd-10 (10.1~svn274115-2) unstable; urgency=high
* Pick SVN r277808 from FreeBSD 10.1-RELEASE to fix:
Added: trunk/kfreebsd-10/debian/patches/EN-15_01.vt.patch
===================================================================
--- trunk/kfreebsd-10/debian/patches/EN-15_01.vt.patch (rev 0)
+++ trunk/kfreebsd-10/debian/patches/EN-15_01.vt.patch 2015-02-25 12:44:49 UTC (rev 5696)
@@ -0,0 +1,38 @@
+Description:
+ Fix vt(4) crash with improper ioctl parameters [EN-15:01] (CVE-2014-0998)
+Origin: vendor, https://security.FreeBSD.org/patches/EN-15:01/vt.patch
+Bug: https://security.FreeBSD.org/advisories/FreeBSD-EN-15:01.vt.asc
+Bug-Debian: https://bugs.debian.org/779194
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=279264
+
+--- a/sys/dev/vt/vt_core.c
++++ b/sys/dev/vt/vt_core.c
+@@ -2340,20 +2340,23 @@
+ }
+ VT_UNLOCK(vd);
+ return (EINVAL);
+- case VT_WAITACTIVE:
++ case VT_WAITACTIVE: {
++ unsigned int idx;
++
+ error = 0;
+
+- i = *(unsigned int *)data;
+- if (i > VT_MAXWINDOWS)
++ idx = *(unsigned int *)data;
++ if (idx > VT_MAXWINDOWS)
+ return (EINVAL);
+- if (i != 0)
+- vw = vd->vd_windows[i - 1];
++ if (idx > 0)
++ vw = vd->vd_windows[idx - 1];
+
+ VT_LOCK(vd);
+ while (vd->vd_curwindow != vw && error == 0)
+ error = cv_wait_sig(&vd->vd_winswitch, &vd->vd_lock);
+ VT_UNLOCK(vd);
+ return (error);
++ }
+ case VT_SETMODE: { /* set screen switcher mode */
+ struct vt_mode *mode;
+ struct proc *p1;
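Review bot: in the VT_WAITACTIVE case, `vw` is only assigned when `idx > 0`, so for `idx == 0` the wait loop compares `vd->vd_curwindow` against whatever `vw` held on entry to this case, which the hunk does not show; a short comment stating what `idx == 0` is meant to wait for would make that path checkable. The lookup `vw = vd->vd_windows[idx - 1]` also runs before `VT_LOCK(vd)`, so it is worth confirming that the window array cannot change between that read and the wait. The bound itself reads consistently, assuming `vd_windows` has `VT_MAXWINDOWS` entries: `idx > VT_MAXWINDOWS` is rejected, `idx - 1` is only evaluated for non-zero `idx`, and the dedicated `unsigned int idx` keeps the comparison unsigned regardless of how `i` is declared elsewhere in the function.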
Added: trunk/kfreebsd-10/debian/patches/SA-15_04.igmp.patch
===================================================================
--- trunk/kfreebsd-10/debian/patches/SA-15_04.igmp.patch (rev 0)
+++ trunk/kfreebsd-10/debian/patches/SA-15_04.igmp.patch 2015-02-25 12:44:49 UTC (rev 5696)
@@ -0,0 +1,20 @@
+Description:
+ Fix integer overflow in IGMP protocol [SA-15:04] (CVE-2015-1414)
+Origin: vendor, https://security.FreeBSD.org/patches/SA-15:04/igmp.patch
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
+Bug-Debian: https://bugs.debian.org/779195
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=279264
+
+--- a/sys/netinet/igmp.c
++++ b/sys/netinet/igmp.c
+@@ -1533,8 +1533,8 @@
+ case IGMP_VERSION_3: {
+ struct igmpv3 *igmpv3;
+ uint16_t igmpv3len;
+- uint16_t srclen;
+- int nsrc;
++ uint16_t nsrc;
++ int srclen;
+
+ IGMPSTAT_INC(igps_rcv_v3_queries);
+ igmpv3 = (struct igmpv3 *)igmp;
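Review bot: the type swap on `nsrc` and `srclen` in the IGMP_VERSION_3 case cannot be verified from this hunk alone, because the statements that compute and use the two values lie outside the shown context and the Description only repeats the advisory title. Suggest adding a sentence to the Description naming which value overflowed with the old `uint16_t srclen`. Also consider whether a signed `int srclen` is the intended type for a length: if it is later compared with the `uint16_t igmpv3len` declared beside it, that comparison mixes signedness.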
Modified: trunk/kfreebsd-10/debian/patches/series
===================================================================
--- trunk/kfreebsd-10/debian/patches/series 2015-02-24 22:49:05 UTC (rev 5695)
+++ trunk/kfreebsd-10/debian/patches/series 2015-02-25 12:44:49 UTC (rev 5696)
@@ -40,3 +40,5 @@
# Security patches
SA-15_02.kmem.patch
SA-15_03.sctp.patch
+SA-15_04.igmp.patch
+EN-15_01.vt.patch