[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#779195: kfreebsd-10: CVE-2015-1414: DoS via IGMP packet

Package: src:kfreebsd-10
Version: 10.1~svn274115-2
Severity: grave
Tags: security upstream patch

Hi,

A remote DoS was reported in FreeBSD's IGMP packet handling:
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc

This affects all our kfreebsd-8, -9, -10 and -11 packages.

I don't know yet if this can be exploited over the public Internet
or only on a local network segment.

As a mitigation, the PF firewall can probably be configured to block
'proto igmp' packets before the kernel processes them.  

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: