Security Information / 2011 / Security Information -- DSA-2325-1 kfreebsd-8

Debian Security Advisory

DSA-2325-1 kfreebsd-8 -- privilege escalation/denial of service

Date Reported:

23 Oct 2011

Affected Packages:

kfreebsd-8

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-4062.

More information:

Buffer overflow in the Linux emulation support in FreeBSD kernel allows local users to cause a denial of service (panic) and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls.

For the stable distribution (squeeze), this problem has been fixed in version 8.1+dfsg-8+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 8.2-9.

We recommend that you upgrade your kfreebsd-8 packages.