Bug#686962: CVE-2012-3549: kfreebsd SCTP DoS

To: 686962@bugs.debian.org
Subject: Bug#686962: CVE-2012-3549: kfreebsd SCTP DoS
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 25 Sep 2012 18:08:44 +0200
Message-id: <[🔎] 20120925160844.GA9279@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 686962@bugs.debian.org
In-reply-to: <[🔎] 201209071217.50052.geissert@debian.org>
References: <[🔎] 201209071217.50052.geissert@debian.org>

On Fri, Sep 07, 2012 at 12:17:45PM -0500, Raphael Geissert wrote:
> Package: kfreebsd-8
> Severity: grave
> Tags: security
> Control: clone -1 -2 -3
> Control: reassign -2 src:kfreebsd-9
> Control: reassign -3 src:kfreebsd-10
> 
> Hi,
> 
> CVE-2012-3549 has been assigned to be a remote DoS (via a NULL pointer 
> dereference in the kernel) vulnerability in FreeBSD's SCTP 
> implementation[1].
> 
> [1] http://www.exploit-db.com/exploits/20226/
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

If no upstream fix is available you might want to disable SCTP in the Wheezy
kernel?

Cheers,
        Moritz

Reply to:

References:
- Bug#686961: CVE-2012-3549: kfreebsd SCTP DoS
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: [PATCH 3/3] install-files: Include modules.{builtin,order} in Linux kernel-image udebs
Next by Date: Processing of fuse4bsd_0.3.9~pre1.20080208-5_kfreebsd-amd64.changes
Previous by thread: Bug#686961: CVE-2012-3549: kfreebsd SCTP DoS
Next by thread: Re: Bug#686961: CVE-2012-3549: kfreebsd SCTP DoS
Index(es):
- Date
- Thread