os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update SA-17:08 and SA-17:10 to properly give credit to Ilja van Sprundel.

Browse source
This commit is contained in:
Gordon Tetlow 2017-11-21 03:48:36 +00:00
parent a7caa668d0
commit a47849876f
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=51209
2 changed files with 44 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
share/security/advisories/FreeBSD-SA-17:08.ptrace.asc
View file

@ -10,7 +10,8 @@ Topic: Kernel data leak via ptrace(PT_LWPINFO)
Category: core
Module: ptrace
Announced: 2017-11-15
Credits: John Baldwin
Credits: Ilja van Sprundel
John Baldwin
Affects: All supported versions of FreeBSD.
Corrected: 2017-11-10 12:28:43 UTC (stable/11, 11.1-STABLE)
2017-11-15 22:39:41 UTC (releng/11.1, 11.1-RELEASE-p4)
@ -24,6 +25,13 @@ For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 2017-11-15 Initial release.
v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported this
issue to the project, but wasn't cited. The FreeBSD
Security Team apologizes to Ilja for this oversight.
I. Background
The ptrace(2) syscall provides the facility for a debugger to control the
@ -122,19 +130,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:08.ptrace.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxftfFIAAAAAALgAo
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToMpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
audQ+hAA2+cjqNVUJ/Polwo9cu61QxKLEXO1DItlMIFWBxpFpXXlRSLbqH+RGmaO
6aR4Q1xcOnLm8e57KcLFppl77uOZyO0IJ0lyK6P30ouSxuYIW3aHbW+p3pVYBE+J
aqF3mNxSh9xQRgXvxUB/CM3w/SMKkxXtkZMvhNSGFCShGQTNpjGfAgIwOZD8mNFi
WvYbPgzwfeE4tsaStZ91SZ8wf2nxdRXhybDXEOCAJvicP6IqYA1Zfr7RG2N3swK7
JKLXW7tiVu+zbRYYFiWYX4FIWatIlsTjpD0GyuZs0j2PCEu80z1muFnrp/dGg3Bn
APGVzIrkFjKvmXfkuFZFPMWCL+u9cUgOMNGkMFDXrLppLL7aXCGrz3BWECg581Pr
dnUrrz/iEcXGDcnTJ3Ff+OidqdhdpVQz59Ek90TMd5iO+nZ+xeVjVzxdLHb82/wt
KlgXRpwTg3Q72xDSF84UmRSkk1M/V5AZMrZiy2RjIwtvLqIJ9ZpLAMnrwTTWRDjB
YurHHNWKjMVkdKCdbpBVGRjNmS6XYS6QukmA4M85d2r0Dmb8J6Gd6juHc3Essrz+
3qEMKAcYsSWbQ5ZSMywUOzM74Dk+wUTf7jCJ1IsSqn8hYHOqvUSF0ftwXkdS1+cv
GT25iduAMCdTP15Qp57Wlhv9WCF8eOUoYKHiSpXcVa6XMqazLy4=
=Uqz2
auf4EhAAkPiaUsEFju752S8RMKCC5LZtNMr++65TeX2I+QbvqR7jpcg8UhrVhonJ
0B/tEvaFcgYg8XjtHcRUMc5UzXRnZRu/a9+AzD2WbdZz/VqQSPVN1pAILXnYiZV4
SbmbKoavKzzQyXD9HTiElWCaOSau1dZYJj9CkhMarN63H5A+PNSD+v2TOcsK7S9h
Yvt4EYjq64CNO7BYY9vIUQEZkJfaoh2lLTOQYbaAgNbEa1+V4l7Kctzx0HpfrvmP
GyUyuvyIsBrtQA9xOYdhiet4qiORTNgVEsZc5k5mnpvvOOAyC5Ela/pqIM6VBmgv
9PS3RZkoEFblcJWbDb48sNfqVxXxG7NHMsun5YXA0eglmNQC/+pwibUZeJ4sTPLd
3qkm1uPxmHJPvp6zu/uVJSc+f8uJtMl7i2XmNVg0bdzzvcNkiCYR6TdhqZbDlJ+s
BjgSVjY5tH83t9F8yaenKBrtHLk3ybwKBMQ/T/nwfBnZtUtN6n3EHTWZxrroilCB
ein8XGKu4G2NuPcnY8X4Yn13LWHe/b46tj1nkvp+qkb+tN9tg7rsueoyJqLdM3k2
/KxAPKNgAgP05r7hIgJGEtblTaxvLIP+RvkuyRW9B0XSxfYUNPd9anIOQTMCTm3L
WFSYxQaW823LiKA3DvC7rw+8k9Jmcc7dVXaN1pwQMAroAxGhBM0=
=E16f
-----END PGP SIGNATURE-----

36
share/security/advisories/FreeBSD-SA-17:10.kldstat.asc
View file

@ -10,7 +10,8 @@ Topic: Information leak in kldstat(2)
Category: core
Module: kernel
Announced: 2017-11-15
Credits: TJ Corley
Credits: Ilja van Sprundel
TJ Corley
Affects: All supported versions of FreeBSD.
Corrected: 2017-11-15 22:34:15 UTC (stable/11, 11.1-STABLE)
2017-11-15 22:49:47 UTC (releng/11.1, 11.1-RELEASE-p4)
@ -24,6 +25,13 @@ For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 2017-11-15 Initial release.
v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported the
issue to the project, but wasn't cited. The FreeBSD
Security Team apologizes to Ilja for this oversight.
I. Background
The kldstat(2) syscall provides information about loaded kld files. The
@ -118,19 +126,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:10.kldstat.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxhRfFIAAAAAALgAo
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToOxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
audjZhAA29uguakBjkQtnAlWceN0BOQlkp03iYQh61dFpdH98f7RQcr5cq77XKrM
pkONtdEVbZNF9g6sly6n9dq5ivAuC9K1KGPtylMcPzHLTzDtV1B13vk2iwwgqkZ7
GgB+m305kcL85knaASn3PBYwKTKzGOrhZFUZuTTI4VAnbbEmIwTHnJlVHvNwFDIj
je1XxdDBr4jq7SdCZH8YW9LZAMDi9b+0hg72u20ZQ66uNeadxN4i9DuWtMeHJHb7
2aZRtHhdw4imryUpHM4FnCp5zp9V87Gyv4wy7IrkOKYtbl4nWqxqVakL7T9yVmY5
Q4cGqreYq8bF2aM3LyT26VmDfMOovovHJpCRHf9fvlIMj6ajS39FKWMkEeU23ykg
EiTNk090h/G3REWiPnWjbxt8VGnFGyLe3K1VQqUvS+LlQ4lc45WCJnEHcpbvXT/E
TNTQ/85nE4BklV1d9wiLy26C21W92IguZam0HdRYJHgEc9Mug+62MfqDzHf0w5HP
3pu8IV5KMwEjGxzaiDMETIZU+K5fkdzPDNBhscxZ6OOab4zQ0+pZgdT1CSbXV6Ru
xuOjSyBdz5vVdbq/298VJJ7hNyoP1MgnyaxPrG2ImNDKjUGqbtOgv0m3ISqtsyfs
pEvyO2MxWWZqdNhtGJuQpOYyzAMxfJdmdOz1PMFFayQiBR7F0ao=
=N2rs
audl/RAAkPqcGvCMAHucBtZH2sySvM/1L1NTl0I61eJaDqgnjooo3hRq5J/dlNlt
zo48o2W0EOnr8QWJhVg1oADY5qxBVm8RldpAH1Y7lU1Pk1gw6buTvmlat9Y0TaRm
i3WCYe/yzC9X50x12dSu2QCeir+HDHrHB72KQDxPJak21e8BKq8vSq4cV3+K32IF
MmC0yTkwXM7JJti1wkztiNSwvcCT5cI0EOZrHxDOJk57zhmuUw3t+42mr4uZhLpd
Um/Hmqt3TS1LlL/swCcayeJGI5lrnfnIMZEUJj9aJZcRry6xrtaeppvgm3rP8Bym
IYBipTU16MGVU6PEdpxXZCkmhzrb5XkAHNnRbod/Ye4g5a+3tWeaivjxbrNRsJyc
7HkuvW41LX1+hJ2DJ/IJGKhz0yP+7//pXNJIkcF1iKOVnVIxz+49KPjj3ZHYhGu2
oI/w4EMTd4ODXmE+bZkwGGm3nbxlH3AIZmBL2x1MdmfO/NjUlB3tYupZ7K/wR/PD
V0OdrZTua7EpYSUDg04xuNkkxRwFMIVQ3XtE1HNCuV0BtQqZOcecKh9Alci5ZT6n
r+F3HhFthNsafwdXLka5zDev/qtSSxggZ75fj+BxPfCoQZSlYkegFg/9K1hXlE+c
H22TsCXMpLokZUKj2XKJQ8RsEZQ5Yr6wEFjsWHoeK5CPh/DyAYE=
=dgLX
-----END PGP SIGNATURE-----