d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1ff092273d
freebsd-skq/sys/dev/vt
History
delphij 1ff092273d Use unsigned int for index value. 
Without this change a local attacker could trigger a panic by
tricking the kernel into accessing undefined kernel memory.

We would like to acknowledge Francisco Falcon from CORE Security
Technologies who discovered the issue and reported to the
FreeBSD Security Team.

More information can be found at CORE Security's advisory at:
http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities

This is an errata candidate for releng/10.1 and releng/9.3.  Earlier
releases are not affected.

Reported by:	Francisco Falcon from CORE Security Technologies
Security:	CVE-2014-0998
Reviewed by:	dumbbell
MFC after:	3 days
2015-01-27 19:35:41 +00:00
..
colors vt(4): Colors are indexed against a console palette, not a VGA palette 2014-08-10 17:04:10 +00:00
font vt(4): Rename the "mouse_cursor" structure to "vt_mouse_cursor" 2014-08-21 19:42:24 +00:00
hw vt(4): Use power_{suspend,resume} event handlers to implement 2015-01-27 15:28:46 +00:00
logo Remove stray whitespaces. 2014-09-12 14:07:20 +00:00
vt_buf.c vt(4): Adjust the cursor position after changing the window size 2014-11-01 17:05:15 +00:00
vt_consolectl.c Remove stray whitespaces. 2014-09-12 14:07:20 +00:00
vt_core.c Use unsigned int for index value. 2015-01-27 19:35:41 +00:00
vt_font.c
vt_sysmouse.c vt(4): Handle global and per-window mouse cursor toggle in one place 2014-08-21 13:04:34 +00:00
vt.h vt(4): Use power_{suspend,resume} event handlers to implement 2015-01-27 15:28:46 +00:00