Update SA-17:08 and SA-17:10 to properly give credit to Ilja van Sprundel.

Gordon Tetlow 2017-11-21 03:48:36 +00:00
parent a7caa668d0
commit a47849876f
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=51209
2 changed files with 44 additions and 28 deletions

@ -10,7 +10,8 @@ Topic: Kernel data leak via ptrace(PT_LWPINFO)
Category: core Category: core
Module: ptrace Module: ptrace
Announced: 2017-11-15 Announced: 2017-11-15
Credits: John Baldwin Credits: Ilja van Sprundel
John Baldwin
Affects: All supported versions of FreeBSD. Affects: All supported versions of FreeBSD.
Corrected: 2017-11-10 12:28:43 UTC (stable/11, 11.1-STABLE) Corrected: 2017-11-10 12:28:43 UTC (stable/11, 11.1-STABLE)
2017-11-15 22:39:41 UTC (releng/11.1, 11.1-RELEASE-p4) 2017-11-15 22:39:41 UTC (releng/11.1, 11.1-RELEASE-p4)
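
Review bot: The header still carries only "Announced: 2017-11-15" after the Credits change, so a reader or tool that looks at the header fields alone cannot tell the advisory was reissued; the 2017-11-20 date appears only in the revision history section further down. Consider surfacing the revision date in the header next to Announced, or pointing to the revision history from there.
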
@ -24,6 +25,13 @@ For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>. following sections, please visit <URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 2017-11-15 Initial release.
v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported this
issue to the project, but wasn't cited. The FreeBSD
Security Team apologizes to Ilja for this oversight.
I. Background I. Background
The ptrace(2) syscall provides the facility for a debugger to control the The ptrace(2) syscall provides the facility for a debugger to control the
@ -122,19 +130,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:08.ptrace.asc> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:08.ptrace.asc>
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxftfFIAAAAAALgAo iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToMpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
audQ+hAA2+cjqNVUJ/Polwo9cu61QxKLEXO1DItlMIFWBxpFpXXlRSLbqH+RGmaO auf4EhAAkPiaUsEFju752S8RMKCC5LZtNMr++65TeX2I+QbvqR7jpcg8UhrVhonJ
6aR4Q1xcOnLm8e57KcLFppl77uOZyO0IJ0lyK6P30ouSxuYIW3aHbW+p3pVYBE+J 0B/tEvaFcgYg8XjtHcRUMc5UzXRnZRu/a9+AzD2WbdZz/VqQSPVN1pAILXnYiZV4
aqF3mNxSh9xQRgXvxUB/CM3w/SMKkxXtkZMvhNSGFCShGQTNpjGfAgIwOZD8mNFi SbmbKoavKzzQyXD9HTiElWCaOSau1dZYJj9CkhMarN63H5A+PNSD+v2TOcsK7S9h
WvYbPgzwfeE4tsaStZ91SZ8wf2nxdRXhybDXEOCAJvicP6IqYA1Zfr7RG2N3swK7 Yvt4EYjq64CNO7BYY9vIUQEZkJfaoh2lLTOQYbaAgNbEa1+V4l7Kctzx0HpfrvmP
JKLXW7tiVu+zbRYYFiWYX4FIWatIlsTjpD0GyuZs0j2PCEu80z1muFnrp/dGg3Bn GyUyuvyIsBrtQA9xOYdhiet4qiORTNgVEsZc5k5mnpvvOOAyC5Ela/pqIM6VBmgv
APGVzIrkFjKvmXfkuFZFPMWCL+u9cUgOMNGkMFDXrLppLL7aXCGrz3BWECg581Pr 9PS3RZkoEFblcJWbDb48sNfqVxXxG7NHMsun5YXA0eglmNQC/+pwibUZeJ4sTPLd
dnUrrz/iEcXGDcnTJ3Ff+OidqdhdpVQz59Ek90TMd5iO+nZ+xeVjVzxdLHb82/wt 3qkm1uPxmHJPvp6zu/uVJSc+f8uJtMl7i2XmNVg0bdzzvcNkiCYR6TdhqZbDlJ+s
KlgXRpwTg3Q72xDSF84UmRSkk1M/V5AZMrZiy2RjIwtvLqIJ9ZpLAMnrwTTWRDjB BjgSVjY5tH83t9F8yaenKBrtHLk3ybwKBMQ/T/nwfBnZtUtN6n3EHTWZxrroilCB
YurHHNWKjMVkdKCdbpBVGRjNmS6XYS6QukmA4M85d2r0Dmb8J6Gd6juHc3Essrz+ ein8XGKu4G2NuPcnY8X4Yn13LWHe/b46tj1nkvp+qkb+tN9tg7rsueoyJqLdM3k2
3qEMKAcYsSWbQ5ZSMywUOzM74Dk+wUTf7jCJ1IsSqn8hYHOqvUSF0ftwXkdS1+cv /KxAPKNgAgP05r7hIgJGEtblTaxvLIP+RvkuyRW9B0XSxfYUNPd9anIOQTMCTm3L
GT25iduAMCdTP15Qp57Wlhv9WCF8eOUoYKHiSpXcVa6XMqazLy4= WFSYxQaW823LiKA3DvC7rw+8k9Jmcc7dVXaN1pwQMAroAxGhBM0=
=Uqz2 =E16f
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
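
Review bot: The commit message mentions the credit correction but not the re-signing, and the replaced signature block cannot be checked from the diff itself. Please confirm that the new signature verifies against the amended advisory text (for example with gpg --verify on the .asc file) and state that in the commit message.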

@ -10,7 +10,8 @@ Topic: Information leak in kldstat(2)
Category: core Category: core
Module: kernel Module: kernel
Announced: 2017-11-15 Announced: 2017-11-15
Credits: TJ Corley Credits: Ilja van Sprundel
TJ Corley
Affects: All supported versions of FreeBSD. Affects: All supported versions of FreeBSD.
Corrected: 2017-11-15 22:34:15 UTC (stable/11, 11.1-STABLE) Corrected: 2017-11-15 22:34:15 UTC (stable/11, 11.1-STABLE)
2017-11-15 22:49:47 UTC (releng/11.1, 11.1-RELEASE-p4) 2017-11-15 22:49:47 UTC (releng/11.1, 11.1-RELEASE-p4)
@ -24,6 +25,13 @@ For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>. following sections, please visit <URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 2017-11-15 Initial release.
v1.1 2017-11-20 Corrected credit. Ilja van Sprundel first reported the
issue to the project, but wasn't cited. The FreeBSD
Security Team apologizes to Ilja for this oversight.
I. Background I. Background
The kldstat(2) syscall provides information about loaded kld files. The The kldstat(2) syscall provides information about loaded kld files. The
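
Review bot: The v1.1 entry in this revision history reads "first reported the issue", while the matching entry in SA-17:08 reads "first reported this issue". Pick one wording so both advisories carry the same correction text.
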
@ -118,19 +126,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:10.kldstat.asc> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:10.kldstat.asc>
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloMxhRfFIAAAAAALgAo iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloToOxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
audjZhAA29uguakBjkQtnAlWceN0BOQlkp03iYQh61dFpdH98f7RQcr5cq77XKrM audl/RAAkPqcGvCMAHucBtZH2sySvM/1L1NTl0I61eJaDqgnjooo3hRq5J/dlNlt
pkONtdEVbZNF9g6sly6n9dq5ivAuC9K1KGPtylMcPzHLTzDtV1B13vk2iwwgqkZ7 zo48o2W0EOnr8QWJhVg1oADY5qxBVm8RldpAH1Y7lU1Pk1gw6buTvmlat9Y0TaRm
GgB+m305kcL85knaASn3PBYwKTKzGOrhZFUZuTTI4VAnbbEmIwTHnJlVHvNwFDIj i3WCYe/yzC9X50x12dSu2QCeir+HDHrHB72KQDxPJak21e8BKq8vSq4cV3+K32IF
je1XxdDBr4jq7SdCZH8YW9LZAMDi9b+0hg72u20ZQ66uNeadxN4i9DuWtMeHJHb7 MmC0yTkwXM7JJti1wkztiNSwvcCT5cI0EOZrHxDOJk57zhmuUw3t+42mr4uZhLpd
2aZRtHhdw4imryUpHM4FnCp5zp9V87Gyv4wy7IrkOKYtbl4nWqxqVakL7T9yVmY5 Um/Hmqt3TS1LlL/swCcayeJGI5lrnfnIMZEUJj9aJZcRry6xrtaeppvgm3rP8Bym
Q4cGqreYq8bF2aM3LyT26VmDfMOovovHJpCRHf9fvlIMj6ajS39FKWMkEeU23ykg IYBipTU16MGVU6PEdpxXZCkmhzrb5XkAHNnRbod/Ye4g5a+3tWeaivjxbrNRsJyc
EiTNk090h/G3REWiPnWjbxt8VGnFGyLe3K1VQqUvS+LlQ4lc45WCJnEHcpbvXT/E 7HkuvW41LX1+hJ2DJ/IJGKhz0yP+7//pXNJIkcF1iKOVnVIxz+49KPjj3ZHYhGu2
TNTQ/85nE4BklV1d9wiLy26C21W92IguZam0HdRYJHgEc9Mug+62MfqDzHf0w5HP oI/w4EMTd4ODXmE+bZkwGGm3nbxlH3AIZmBL2x1MdmfO/NjUlB3tYupZ7K/wR/PD
3pu8IV5KMwEjGxzaiDMETIZU+K5fkdzPDNBhscxZ6OOab4zQ0+pZgdT1CSbXV6Ru V0OdrZTua7EpYSUDg04xuNkkxRwFMIVQ3XtE1HNCuV0BtQqZOcecKh9Alci5ZT6n
xuOjSyBdz5vVdbq/298VJJ7hNyoP1MgnyaxPrG2ImNDKjUGqbtOgv0m3ISqtsyfs r+F3HhFthNsafwdXLka5zDev/qtSSxggZ75fj+BxPfCoQZSlYkegFg/9K1hXlE+c
pEvyO2MxWWZqdNhtGJuQpOYyzAMxfJdmdOz1PMFFayQiBR7F0ao= H22TsCXMpLokZUKj2XKJQ8RsEZQ5Yr6wEFjsWHoeK5CPh/DyAYE=
=N2rs =dgLX
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----