From owner-freebsd-security@FreeBSD.ORG Wed Jan 28 12:13:37 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AED66FB8 for ; Wed, 28 Jan 2015 12:13:37 +0000 (UTC) Received: from smtp.fagskolen.gjovik.no (smtp.fagskolen.gjovik.no [IPv6:2001:700:1100:1:200:ff:fe00:b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.fagskolen.gjovik.no", Issuer "Fagskolen i Gj??vik" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 20956A9D for ; Wed, 28 Jan 2015 12:13:36 +0000 (UTC) Received: from mail.fig.ol.no (localhost [127.0.0.1]) by mail.fig.ol.no (8.14.9/8.14.9) with ESMTP id t0SCDU7I022906 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 28 Jan 2015 13:13:30 +0100 (CET) (envelope-from trond@fagskolen.gjovik.no) Received: from localhost (trond@localhost) by mail.fig.ol.no (8.14.9/8.14.9/Submit) with ESMTP id t0SCDUna022903 for ; Wed, 28 Jan 2015 13:13:30 +0100 (CET) (envelope-from trond@fagskolen.gjovik.no) X-Authentication-Warning: mail.fig.ol.no: trond owned process doing -bs Date: Wed, 28 Jan 2015 13:13:30 +0100 (CET) From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= Sender: Trond.Endrestol@fagskolen.gjovik.no To: freebsd-security@freebsd.org Subject: Re: svn commit: r277806 - head/sys/dev/vt In-Reply-To: <693b2987.2b23d5b0@fabiankeil.de> Message-ID: References: <693b2987.2b23d5b0@fabiankeil.de> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) Organization: Fagskolen Innlandet OpenPGP: url=http://fig.ol.no/~trond/trond.key MIME-Version: 1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.fig.ol.no Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2015 12:13:37 -0000 On Wed, 28 Jan 2015 11:49+0100, Fabian Keil wrote: > Pawel Biernacki wrote: > > > I found very worrying statement in that document: > > > > "2015-01-27: FreeBSD informs us that after going through their mail archive > > they found out that the same issue was reported by Google and that they > > missed it." > > > > How many other such mails were missed? > > I can't answer this question, but I reported a couple of ggated issues > (DoS, non-critical memory disclosure) in December: > > 2014-12-09: Initial notification sent with potential patches. > 2014-12-18: The mail was acknowledged and additional information requested. > 2014-12-19: A more verbose description of the issue was sent as requested. > 2015-01-15: I asked for a status update, preferably before FOSDEM. > > I haven't heard back yet and don't know when the issues will be addressed. Just out of curiosity, shouldn't size_t be used for indexing? -- +-------------------------------+------------------------------------+ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +-------------------------------+------------------------------------+ From owner-freebsd-security@FreeBSD.ORG Wed Jan 28 19:40:05 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 93917193 for ; Wed, 28 Jan 2015 19:40:05 +0000 (UTC) Received: from mx5.roble.com (mx5.roble.com [206.40.34.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 816CD15C for ; Wed, 28 Jan 2015 19:40:05 +0000 (UTC) Received: from secure.postconf.com (mx5.roble.com [206.40.34.5]) by mx5.roble.com (Postfix) with ESMTP id 5D2866784E for ; Wed, 28 Jan 2015 11:39:20 -0800 (PST) In-Reply-To: References: Date: Wed, 28 Jan 2015 11:39:20 -0800 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem From: "Roger Marquis" To: freebsd-security@freebsd.org Reply-To: marquis@roble.com MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2015 19:40:05 -0000 >> If SCTP is NOT compiled in the kernel, are you still vulnerable ? > > No -- we should have mentioned that too. For GENERIC kernel however > SCTP is compiled in. Should probably fix that too, in GENERIC, considering how little used this protocol is. Roger Marquis