Debian Bug report logs - #572811
kfreebsd: CVE-2009-2649 denial-of-service

version graph

Package: kfreebsd-8; Maintainer for kfreebsd-8 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>;

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Sat, 6 Mar 2010 20:24:02 UTC

Severity: important

Tags: moreinfo, security

Found in versions kfreebsd-7/7.2-11, 6.0-1, kfreebsd-6/6.0-1, kfreebsd-7/7.0-1

Fixed in versions 8.0-1, kfreebsd-7/7.3-1, kfreebsd-8/8.0-1

Done: Petr Salinger <Petr.Salinger@seznam.cz>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#572811; Package kfreebsd-8. (Sat, 06 Mar 2010 20:24:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Sat, 06 Mar 2010 20:24:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: kfreebsd: CVE-2009-2650 potential code execution
Date: Sat, 6 Mar 2010 15:23:40 -0500
Package: kfreebsd-8
Version: 8.0-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kfreebsd-8.

CVE-2009-2650[0]:
| Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0
| Build 020124 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a crafted
| (1) .m3u or possibly (2) .pst file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2650
    http://security-tracker.debian.org/tracker/CVE-2009-2650




Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#572811; Package kfreebsd-8. (Sat, 06 Mar 2010 21:24:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Sat, 06 Mar 2010 21:24:09 GMT) Full text and rfc822 format available.

Message #10 received at 572811@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 572811@bugs.debian.org
Cc: control@bugs.debian.org
Subject: re: 572811
Date: Sat, 6 Mar 2010 16:24:21 -0500
retitle 572811 kfreebsd: CVE-2009-2649 denial-of-service
thanks

oops, that should have been:

CVE-2009-2649[0]:
| The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev
| is available, allows local users to cause a denial of service (kernel
| panic) via a certain IOCTL request with a large count, which triggers
| a malloc call with a large value.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2649
    http://security-tracker.debian.org/tracker/CVE-2009-2649




Changed Bug title to 'kfreebsd: CVE-2009-2649 denial-of-service' from 'kfreebsd: CVE-2009-2650 potential code execution' Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sat, 06 Mar 2010 21:24:10 GMT) Full text and rfc822 format available.

Added tag(s) moreinfo. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 06 Mar 2010 21:33:03 GMT) Full text and rfc822 format available.

Reply sent to Petr Salinger <Petr.Salinger@seznam.cz>:
You have taken responsibility. (Mon, 08 Mar 2010 01:48:20 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 08 Mar 2010 01:48:20 GMT) Full text and rfc822 format available.

Message #19 received at 572811-done@bugs.debian.org (full text, mbox):

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: 572811-done@bugs.debian.org
Subject: kfreebsd: CVE-2009-2649 denial-of-service
Date: Mon, 8 Mar 2010 04:49:15 +0100 (CET)
Version: 8.0-1

> CVE-2009-2649[0]:
> | The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev
> | is available, allows local users to cause a denial of service (kernel
> | panic) via a certain IOCTL request with a large count, which triggers
> | a malloc call with a large value.
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2649
>    http://security-tracker.debian.org/tracker/CVE-2009-2649


It have been fixed in

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/ata/ata-all.c#rev1.306

the 8.0 have been released with rev 1.308.2.2.2.1

Petr




Bug Marked as found in versions 6.0-1. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Mon, 08 Mar 2010 02:00:05 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions 8.0-4. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Mon, 08 Mar 2010 02:00:05 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Apr 2010 07:32:46 GMT) Full text and rfc822 format available.

Bug unarchived. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:18 GMT) Full text and rfc822 format available.

Bug Marked as found in versions kfreebsd-6/6.0-1. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:19 GMT) Full text and rfc822 format available.

Bug Marked as found in versions kfreebsd-7/7.0-1. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:19 GMT) Full text and rfc822 format available.

Bug Marked as found in versions kfreebsd-7/7.2-11. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:20 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions kfreebsd-7/7.3-1. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:21 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions kfreebsd-8/8.0-1. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:21 GMT) Full text and rfc822 format available.

Bug archived. Request was from Petr Salinger <Petr.Salinger@seznam.cz> to control@bugs.debian.org. (Sat, 10 Apr 2010 08:06:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 05:55:05 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.