Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Oct 2016 17:56:10 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r424640 - head/security/vuxml
Message-ID:  <201610251756.u9PHuAJ3092365@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: feld
Date: Tue Oct 25 17:56:09 2016
New Revision: 424640
URL: https://svnweb.freebsd.org/changeset/ports/424640

Log:
  Document revised FreeBSD-SA-16:15.sysarch

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Oct 25 17:51:49 2016	(r424639)
+++ head/security/vuxml/vuln.xml	Tue Oct 25 17:56:09 2016	(r424640)
@@ -3099,9 +3099,11 @@ and CVE-2013-0155.</p>
     <affects>
       <package>
 	<name>FreeBSD-kernel</name>
-	<range><ge>10.2</ge><lt>10.2_14</lt></range>
-	<range><ge>10.1</ge><lt>10.1_31</lt></range>
-	<range><ge>9.3</ge><lt>9.3_39</lt></range>
+	<range><ge>11.0</ge><lt>11.0_2</lt></range>
+	<range><ge>10.3</ge><lt>10.3_11</lt></range>
+	<range><ge>10.2</ge><lt>10.2_24</lt></range>
+	<range><ge>10.1</ge><lt>10.1_41</lt></range>
+	<range><ge>9.3</ge><lt>9.3_49</lt></range>
       </package>
     </affects>
     <description>
@@ -3110,10 +3112,10 @@ and CVE-2013-0155.</p>
 	<p>A special combination of sysarch(2) arguments, specify
 	a request to uninstall a set of descriptors from the LDT.
 	The start descriptor is cleared and the number of descriptors
-	are provided. Due to invalid use of a signed intermediate
-	value in the bounds checking during argument validity
-	verification, unbound zero'ing of the process LDT and
-	adjacent memory can be initiated from usermode.</p>
+	are provided. Due to lack of sufficient bounds checking
+	during argument validity verification, unbound zero'ing of
+	the process LDT and adjacent memory can be initiated from
+	usermode.</p>
 	<h1>Impact:</h1>
 	<p>This vulnerability could cause the kernel to panic. In
 	addition it is possible to perform a local Denial of Service
@@ -3127,6 +3129,7 @@ and CVE-2013-0155.</p>
     <dates>
       <discovery>2016-03-16</discovery>
       <entry>2016-08-11</entry>
+      <modified>2016-10-25</modified>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610251756.u9PHuAJ3092365>