Your message dated Mon, 08 Dec 2014 21:19:31 +0000
with message-id <e1xy5in-0004ok...@franck.debian.org>
and subject line Bug#770327: fixed in broadcom-sta 6.30.223.248-3
has caused the Debian Bug report #770327,
regarding non-root induced DoS via /proc/brcm_monitor0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
770327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: broadcom-sta-dkms
Version: 6.30.223.248-2
Severity: critical
Tags: security upstream

The wl module creates /proc/brcm_monitorN for each applicable device.
At least with linux-image-3.16-0.bpo.2-amd64, reading from this file
reliably sends my box into la-la land (symptoms are that CPU#2 is reported
as stuck, and almost any process hangs).

The file is mode 644, so this is possible for any local user. I noted
this with monotone, which tries to trawl /proc files in an (arguably mistaken)
attempt to gather randomness. monotone offers a network service, which may
be affected.

I can try reproduction with different kernels if it helps.

What the file actually does is opaque to me. An easy fix would be to
remove world readability in lines 3305 and 3308 of src/wl/sys/wl_linux.c
--- End Message ---
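
The permission check implied by the report above, as an added example that is not part of the original bug report or of the driver: it lists brcm_monitorN entries under a proc root and flags those readable by any user, using lstat() only so the entry is never opened. The function names, the `proc_root` parameter and the temporary directory standing in for /proc are assumptions made for illustration.

```python
import os
import stat
import tempfile

PROC_PREFIX = "brcm_monitor"  # entry name taken from the bug report


def world_readable_monitor_entries(proc_root="/proc"):
    """Return [(path, mode)] for brcm_monitorN entries readable by 'other'.

    Only listdir() and lstat() are used: the entry is never opened, since
    the report says that reading it is what hangs the machine.
    """
    findings = []
    try:
        names = sorted(os.listdir(proc_root))
    except OSError:
        return findings  # no such directory or not permitted: nothing to report
    for name in names:
        if not name.startswith(PROC_PREFIX):
            continue
        if not name[len(PROC_PREFIX):].isdigit():
            continue  # only brcm_monitor<N>
        path = os.path.join(proc_root, name)
        try:
            mode = os.lstat(path).st_mode
        except OSError:
            continue  # entry vanished, e.g. module unloaded meanwhile
        if stat.S_ISREG(mode) and mode & stat.S_IROTH:
            findings.append((path, format(stat.S_IMODE(mode), "04o")))
    return findings


def demo():
    """Run the check on a constructed directory standing in for /proc."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("brcm_monitor0", 0o644),   # mode given in the report
                           ("brcm_monitor1", 0o600),   # world read removed
                           ("brcm_other", 0o644)):     # unrelated name, ignored
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        found = world_readable_monitor_entries(root)
        return [(os.path.basename(p), m) for p, m in found]


if __name__ == "__main__":
    print(world_readable_monitor_entries() or "no world-readable brcm_monitorN")
    print(demo())
```
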
--- Begin Message ---
Source: broadcom-sta
Source-Version: 6.30.223.248-3

We believe that the bug you reported is fixed in the latest version of
broadcom-sta, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 770...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Lacoux <clac...@easter-eggs.com> (supplier of updated broadcom-sta
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 07 Dec 2014 17:49:06 +0400
Source: broadcom-sta
Binary: broadcom-sta-common broadcom-sta-dkms broadcom-sta-source
Architecture: source all
Version: 6.30.223.248-3
Distribution: unstable
Urgency: medium
Maintainer: Cyril Lacoux <clac...@easter-eggs.com>
Changed-By: Cyril Lacoux <clac...@easter-eggs.com>
Description:
broadcom-sta-common - Common files for the Broadcom STA Wireless driver
broadcom-sta-dkms - dkms source for the Broadcom STA Wireless driver
broadcom-sta-source - Source for the Broadcom STA Wireless driver
Closes: 762954 770327
Changes:
broadcom-sta (6.30.223.248-3) unstable; urgency=medium
.
* Synced supported chipsets list with README.txt file (Closes: #762954).
* Bumped standards version to 3.9.6 (No changes).
* Added series of patches from Mickael MASSON <mmasson....@gmail.com> to
fix system hang when activating monitor mode (Closes: #770327).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---