kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability

Related Vulnerabilities: CVE-2014-8613, CVE-2014-8612

Debian Bug report logs - #776416

Reported by: Steven Chamberlain <steven@pyro.eu.org>

Date: Tue, 27 Jan 2015 20:24:01 UTC

Severity: grave

Tags: patch, security

Found in version 10.1~svn274115-1

Fixed in version kfreebsd-10/10.1~svn274115-2

Done: Steven Chamberlain <steven@pyro.eu.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, steven@pyro.eu.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#776416; Package kfreebsd-10. (Tue, 27 Jan 2015 20:24:06 GMT)


Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
New Bug report received and forwarded. Copy sent to steven@pyro.eu.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Tue, 27 Jan 2015 20:24:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Steven Chamberlain <steven@pyro.eu.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability
Date: Tue, 27 Jan 2015 20:21:49 +0000
Package: kfreebsd-10
Version: 10.1~svn274115-1
Severity: grave
Tags: security patch

Hi,

An unprivileged local DoS was reported in the FreeBSD kernel
implementation of SCTP:
https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc

This only affects systems serving SCTP connections.  A patch from
upstream should be uploaded soon fixing this in kfreebsd-10.

kfreebsd-9 in stable is not affected, since the last security upload
9.0-10+deb70.8 disabled this protocol.

kfreebsd-8 does not receive regular security updates, but we may decide
to disable SCTP there too.  (It's expected nobody would be using SCTP in
GNU/kFreeBSD squeeze or prior, because no userland tools had been ported
yet).

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



Added tag(s) pending. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Jan 2015 20:57:08 GMT)


Reply sent to Steven Chamberlain <steven@pyro.eu.org>:
You have taken responsibility. (Wed, 28 Jan 2015 22:09:10 GMT)


Notification sent to Steven Chamberlain <steven@pyro.eu.org>:
Bug acknowledged by developer. (Wed, 28 Jan 2015 22:09:10 GMT)


Message #12 received at 776416-close@bugs.debian.org:

From: Steven Chamberlain <steven@pyro.eu.org>
To: 776416-close@bugs.debian.org
Subject: Bug#776416: fixed in kfreebsd-10 10.1~svn274115-2
Date: Wed, 28 Jan 2015 22:04:12 +0000
Source: kfreebsd-10
Source-Version: 10.1~svn274115-2

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776416@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Jan 2015 20:02:52 +0000
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-2
Distribution: unstable
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description:
 acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
 acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
 cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
 cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
 crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
 crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
 crypto-modules-10.1-0-486-di - crypto modules (udeb)
 crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
 ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
 ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
 fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
 fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
 floppy-modules-10.1-0-486-di - Floppy driver (udeb)
 floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
 i2c-modules-10.1-0-486-di - i2c support modules (udeb)
 i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
 ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
 ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
 isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
 isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
 kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
 kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
 kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
 kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
 kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
 kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
 loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
 loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
 md-modules-10.1-0-486-di - RAID and LVM support (udeb)
 md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
 mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
 mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
 mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
 mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
 nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
 nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
 nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
 nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
 nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
 nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
 nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
 nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
 nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
 nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
 nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
 nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
 nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
 nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
 parport-modules-10.1-0-486-di - Parallel port support (udeb)
 parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
 plip-modules-10.1-0-486-di - PLIP drivers (udeb)
 plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
 ppp-modules-10.1-0-486-di - PPP drivers (udeb)
 ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
 reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
 reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
 sata-modules-10.1-0-486-di - SATA drivers (udeb)
 sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
 scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
 scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
 scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
 scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
 scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
 scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
 serial-modules-10.1-0-486-di - Serial drivers (udeb)
 serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
 sound-modules-10.1-0-486-di - sound support (udeb)
 sound-modules-10.1-0-amd64-di - sound support (udeb)
 usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
 usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
 zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
 zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
 zlib-modules-10.1-0-486-di - zlib modules (udeb)
 zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 776415 776416
Changes:
 kfreebsd-10 (10.1~svn274115-2) unstable; urgency=high
 .
   * Pick SVN r277808 from FreeBSD 10.1-RELEASE to fix:
     - SA-15:02: SCTP SCTP_SS_VALUE kernel memory corruption and
       disclosure vulnerability (CVE-2014-8612) (Closes: #776415)
     - SA-15:03: SCTP stream reset vulnerability (CVE-2014-8613)
       (Closes: #776416)
   * Build kernel images only on kfreebsd-any arches, so that any
     security or other RC-severity kernel bugs will not affect the
     official jessie release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 08 Apr 2015 07:26:06 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:48:31 2019; Machine Name: beach
