[Glibc-bsd-commits] r6052 - in branches/jessie/kfreebsd-10/debian: . patches
stevenc-guest at alioth.debian.org
Tue May 17 23:00:16 UTC 2016
Author: stevenc-guest
Date: 2016-05-17 23:00:16 +0000 (Tue, 17 May 2016)
New Revision: 6052
Added:
branches/jessie/kfreebsd-10/debian/patches/SA-16_18.atkbd.patch
branches/jessie/kfreebsd-10/debian/patches/SA-16_19.sendmsg.patch
Modified:
branches/jessie/kfreebsd-10/debian/changelog
branches/jessie/kfreebsd-10/debian/patches/series
Log:
Pick SVN r300085 from FreeBSD 10.1-RELEASE:
- SA-16:18: Use unsigned version of min() when handling arguments of
  SETFKEY ioctl.
  (CVE-2016-1886) (Closes: #824604)
- SA-16:19: Validate that user supplied control message length in
  sendmsg(2) is not negative.
  (CVE-2016-1887) (Closes: #824605)
Modified: branches/jessie/kfreebsd-10/debian/changelog
===================================================================
--- branches/jessie/kfreebsd-10/debian/changelog 2016-05-11 14:09:01 UTC (rev 6051)
+++ branches/jessie/kfreebsd-10/debian/changelog 2016-05-17 23:00:16 UTC (rev 6052)
@@ -1,3 +1,15 @@
+kfreebsd-10 (10.1~svn274115-4+kbsd8u4) UNRELEASED; urgency=medium
+
+ * Pick SVN r300085 from FreeBSD 10.1-RELEASE:
+ - SA-16:18: Use unsigned version of min() when handling arguments of
+ SETFKEY ioctl.
+ (CVE-2016-1886) (Closes: #824604)
+ - SA-16:19: Validate that user supplied control message length in
+ sendmsg(2) is not negative.
+ (CVE-2016-1887) (Closes: #824605)
+
+ -- Steven Chamberlain <steven at pyro.eu.org> Tue, 17 May 2016 22:44:13 +0000
+
kfreebsd-10 (10.1~svn274115-4+kbsd8u3) jessie-kfreebsd; urgency=high
* Pick SVN r294904 from FreeBSD 10.1-RELEASE:
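Review bot: the new changelog stanza is marked "UNRELEASED; urgency=medium" while the previous security entry directly below it was uploaded as "jessie-kfreebsd; urgency=high". Both items here are kernel fixes with CVE ids, so it is worth confirming before upload that medium is intended, and the distribution field will need to be set to jessie-kfreebsd to match the earlier entries.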
Added: branches/jessie/kfreebsd-10/debian/patches/SA-16_18.atkbd.patch
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/SA-16_18.atkbd.patch (rev 0)
+++ branches/jessie/kfreebsd-10/debian/patches/SA-16_18.atkbd.patch 2016-05-17 23:00:16 UTC (rev 6052)
@@ -0,0 +1,18 @@
+Description:
+ Use unsigned version of min() when handling arguments of SETFKEY ioctl.
+ [SA-16:18]
+Origin: vendor
+Bug: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:18.atkbd.asc
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=300085
+
+--- a/sys/dev/kbd/kbd.c
++++ b/sys/dev/kbd/kbd.c
+@@ -996,7 +996,7 @@
+ splx(s);
+ return (error);
+ }
+- kbd->kb_fkeytab[fkeyp->keynum].len = imin(fkeyp->flen, MAXFK);
++ kbd->kb_fkeytab[fkeyp->keynum].len = min(fkeyp->flen, MAXFK);
+ bcopy(fkeyp->keydef, kbd->kb_fkeytab[fkeyp->keynum].str,
+ kbd->kb_fkeytab[fkeyp->keynum].len);
+ break;
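Review bot: on the changed assignment to kb_fkeytab[fkeyp->keynum].len, the fix relies entirely on min() treating a negative fkeyp->flen as a large unsigned value so that MAXFK wins, and nothing at the call site says so. The result is used as the bcopy() length on the next line, so a later cleanup that swaps min() back to a signed variant would reintroduce the bug without any warning. Consider a short comment on that line, or an explicit check that rejects flen < 0 or flen > MAXFK with EINVAL before the assignment, which would also stop out-of-range requests from being silently clamped.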
Added: branches/jessie/kfreebsd-10/debian/patches/SA-16_19.sendmsg.patch
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/SA-16_19.sendmsg.patch (rev 0)
+++ branches/jessie/kfreebsd-10/debian/patches/SA-16_19.sendmsg.patch 2016-05-17 23:00:16 UTC (rev 6052)
@@ -0,0 +1,20 @@
+Description:
+ Validate that user supplied control message length in sendmsg(2)
+ is not negative. [SA-16:19]
+Origin: vendor
+Bug: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=300085
+
+--- a/sys/kern/uipc_syscalls.c
++++ b/sys/kern/uipc_syscalls.c
+@@ -1787,6 +1787,9 @@
+ struct mbuf *m;
+ int error;
+
++ if (buflen < 0)
++ return (EINVAL);
++
+ if (buflen > MLEN) {
+ #ifdef COMPAT_OLDSOCK
+ if (type == MT_SONAME && buflen <= 112)
+
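Review bot: the added "if (buflen < 0) return (EINVAL);" guard is correctly placed ahead of the "buflen > MLEN" test, which a negative value would otherwise pass, but buflen remains a signed length and the reason for the guard is not documented in the code. A one-line comment noting that buflen is a user-supplied control message length, or a follow-up that moves the parameter to an unsigned type where callers allow it, would keep a later refactor from dropping the check.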
Modified: branches/jessie/kfreebsd-10/debian/patches/series
===================================================================
--- branches/jessie/kfreebsd-10/debian/patches/series 2016-05-11 14:09:01 UTC (rev 6051)
+++ branches/jessie/kfreebsd-10/debian/patches/series 2016-05-17 23:00:16 UTC (rev 6052)
@@ -55,3 +55,5 @@
SA-16_05.tcp.patch
SA-16_10.linux.patch
SA-16_15.sysarch.patch
+SA-16_18.atkbd.patch
+SA-16_19.sendmsg.patch