Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

kfreebsd-10: CVE-2015-2923: IPv6 Hop limit lowering via RA messages

Related Vulnerabilities: CVE-2015-2923   CVE-2015-2922   CVE-2015-1414  

Source

Debian Bug report logs - #782107
kfreebsd-10: CVE-2015-2923: IPv6 Hop limit lowering via RA messages

version graph

Package: src:kfreebsd-10; Maintainer for src:kfreebsd-10 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>;

Reported by: Steven Chamberlain <steven@pyro.eu.org>

Date: Tue, 7 Apr 2015 21:45:07 UTC

Severity: grave

Tags: security

Found in version kfreebsd-10/10.1~svn274115-3

Fixed in version kfreebsd-10/10.1~svn274115-4

Done: Steven Chamberlain <steven@pyro.eu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, steven@pyro.eu.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#782107; Package src:kfreebsd-10. (Tue, 07 Apr 2015 21:45:12 GMT) (full text, mbox, link).

Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
New Bug report received and forwarded. Copy sent to steven@pyro.eu.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Tue, 07 Apr 2015 21:45:12 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steven Chamberlain <steven@pyro.eu.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kfreebsd-10: CVE-2015-2923: IPv6 Hop limit lowering via RA messages
Date: Tue, 07 Apr 2015 22:41:51 +0100
Package: src:kfreebsd-10
Version: 10.1~svn274115-3
Severity: grave
Tags: security

Hi,

A local-network DoS was reported in the IPv6 stack of FreeBSD:
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc
(the same issue as CVE-2015-2922 on Linux).

This affects all our kfreebsd-8, -9, -10 and -11 packages.

Debian GNU/kFreeBSD packages enable "accept_rtadv" by default, so are
vulnerable to this DoS unless that flag is manually disabled on an
interface, or IPv6 connectivity not used.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply sent to Steven Chamberlain <steven@pyro.eu.org>:
You have taken responsibility. (Tue, 07 Apr 2015 23:36:09 GMT) (full text, mbox, link).

Notification sent to Steven Chamberlain <steven@pyro.eu.org>:
Bug acknowledged by developer. (Tue, 07 Apr 2015 23:36:10 GMT) (full text, mbox, link).

Message #10 received at 782107-close@bugs.debian.org (full text, mbox, reply):

From: Steven Chamberlain <steven@pyro.eu.org>
To: 782107-close@bugs.debian.org
Subject: Bug#782107: fixed in kfreebsd-10 10.1~svn274115-4
Date: Tue, 07 Apr 2015 23:34:11 +0000
Source: kfreebsd-10
Source-Version: 10.1~svn274115-4

We believe that the bug you reported is fixed in the latest version of
kfreebsd-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 782107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Apr 2015 22:13:19 +0100
Source: kfreebsd-10
Binary: kfreebsd-source-10.1 kfreebsd-headers-10.1-0 kfreebsd-image-10.1-0-amd64 kfreebsd-image-10-amd64 kfreebsd-headers-10.1-0-amd64 kfreebsd-headers-10-amd64 kernel-image-10.1-0-amd64-di nic-modules-10.1-0-amd64-di nic-wireless-modules-10.1-0-amd64-di nic-shared-modules-10.1-0-amd64-di serial-modules-10.1-0-amd64-di usb-serial-modules-10.1-0-amd64-di ppp-modules-10.1-0-amd64-di cdrom-modules-10.1-0-amd64-di scsi-core-modules-10.1-0-amd64-di scsi-modules-10.1-0-amd64-di scsi-extra-modules-10.1-0-amd64-di plip-modules-10.1-0-amd64-di floppy-modules-10.1-0-amd64-di loop-modules-10.1-0-amd64-di ipv6-modules-10.1-0-amd64-di nls-core-modules-10.1-0-amd64-di ext2-modules-10.1-0-amd64-di isofs-modules-10.1-0-amd64-di reiserfs-modules-10.1-0-amd64-di fat-modules-10.1-0-amd64-di zfs-modules-10.1-0-amd64-di nfs-modules-10.1-0-amd64-di nullfs-modules-10.1-0-amd64-di md-modules-10.1-0-amd64-di parport-modules-10.1-0-amd64-di nic-usb-modules-10.1-0-amd64-di
 sata-modules-10.1-0-amd64-di acpi-modules-10.1-0-amd64-di i2c-modules-10.1-0-amd64-di crypto-modules-10.1-0-amd64-di crypto-dm-modules-10.1-0-amd64-di mmc-core-modules-10.1-0-amd64-di mmc-modules-10.1-0-amd64-di sound-modules-10.1-0-amd64-di zlib-modules-10.1-0-amd64-di kfreebsd-image-10.1-0-486 kfreebsd-image-10-486 kfreebsd-headers-10.1-0-486 kfreebsd-headers-10-486 kfreebsd-image-10.1-0-686 kfreebsd-image-10-686 kfreebsd-headers-10.1-0-686 kfreebsd-headers-10-686 kfreebsd-image-10.1-0-xen kfreebsd-image-10-xen kfreebsd-headers-10.1-0-xen kfreebsd-headers-10-xen kernel-image-10.1-0-486-di nic-modules-10.1-0-486-di nic-wireless-modules-10.1-0-486-di nic-shared-modules-10.1-0-486-di serial-modules-10.1-0-486-di usb-serial-modules-10.1-0-486-di ppp-modules-10.1-0-486-di cdrom-modules-10.1-0-486-di scsi-core-modules-10.1-0-486-di scsi-modules-10.1-0-486-di scsi-extra-modules-10.1-0-486-di plip-modules-10.1-0-486-di floppy-modules-10.1-0-486-di
 loop-modules-10.1-0-486-di ipv6-modules-10.1-0-486-di nls-core-modules-10.1-0-486-di ext2-modules-10.1-0-486-di isofs-modules-10.1-0-486-di reiserfs-modules-10.1-0-486-di fat-modules-10.1-0-486-di zfs-modules-10.1-0-486-di nfs-modules-10.1-0-486-di nullfs-modules-10.1-0-486-di md-modules-10.1-0-486-di parport-modules-10.1-0-486-di nic-usb-modules-10.1-0-486-di sata-modules-10.1-0-486-di acpi-modules-10.1-0-486-di i2c-modules-10.1-0-486-di crypto-modules-10.1-0-486-di crypto-dm-modules-10.1-0-486-di mmc-core-modules-10.1-0-486-di mmc-modules-10.1-0-486-di sound-modules-10.1-0-486-di
 zlib-modules-10.1-0-486-di
Architecture: source all
Version: 10.1~svn274115-4
Distribution: unstable
Urgency: high
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description:
 acpi-modules-10.1-0-486-di - ACPI support modules (udeb)
 acpi-modules-10.1-0-amd64-di - ACPI support modules (udeb)
 cdrom-modules-10.1-0-486-di - Esoteric CDROM drivers (udeb)
 cdrom-modules-10.1-0-amd64-di - Esoteric CDROM drivers (udeb)
 crypto-dm-modules-10.1-0-486-di - devicemapper crypto module (udeb)
 crypto-dm-modules-10.1-0-amd64-di - devicemapper crypto module (udeb)
 crypto-modules-10.1-0-486-di - crypto modules (udeb)
 crypto-modules-10.1-0-amd64-di - crypto modules (udeb)
 ext2-modules-10.1-0-486-di - EXT2 filesystem support (udeb)
 ext2-modules-10.1-0-amd64-di - EXT2 filesystem support (udeb)
 fat-modules-10.1-0-486-di - FAT filesystem support (udeb)
 fat-modules-10.1-0-amd64-di - FAT filesystem support (udeb)
 floppy-modules-10.1-0-486-di - Floppy driver (udeb)
 floppy-modules-10.1-0-amd64-di - Floppy driver (udeb)
 i2c-modules-10.1-0-486-di - i2c support modules (udeb)
 i2c-modules-10.1-0-amd64-di - i2c support modules (udeb)
 ipv6-modules-10.1-0-486-di - IPv6 driver (udeb)
 ipv6-modules-10.1-0-amd64-di - IPv6 driver (udeb)
 isofs-modules-10.1-0-486-di - ISOFS filesystem support (udeb)
 isofs-modules-10.1-0-amd64-di - ISOFS filesystem support (udeb)
 kernel-image-10.1-0-486-di - kFreeBSD binary image for the Debian installer (udeb)
 kernel-image-10.1-0-amd64-di - kFreeBSD binary image for the Debian installer (udeb)
 kfreebsd-headers-10-486 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-686 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-amd64 - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10-xen - header files for kernel of FreeBSD 10 (meta-package)
 kfreebsd-headers-10.1-0 - Common architecture-specific header files for kernel of FreeBSD 1
 kfreebsd-headers-10.1-0-486 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-686 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-amd64 - header files for kernel of FreeBSD 10.1
 kfreebsd-headers-10.1-0-xen - header files for kernel of FreeBSD 10.1
 kfreebsd-image-10-486 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-686 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-amd64 - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10-xen - kernel of FreeBSD 10 image (meta-package)
 kfreebsd-image-10.1-0-486 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-686 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-amd64 - kernel of FreeBSD 10.1 image
 kfreebsd-image-10.1-0-xen - kernel of FreeBSD 10.1 image
 kfreebsd-source-10.1 - source code for kernel of FreeBSD 10.1 with Debian patches
 loop-modules-10.1-0-486-di - Loopback filesystem support (udeb)
 loop-modules-10.1-0-amd64-di - Loopback filesystem support (udeb)
 md-modules-10.1-0-486-di - RAID and LVM support (udeb)
 md-modules-10.1-0-amd64-di - RAID and LVM support (udeb)
 mmc-core-modules-10.1-0-486-di - MMC/SD/SDIO core modules (udeb)
 mmc-core-modules-10.1-0-amd64-di - MMC/SD/SDIO core modules (udeb)
 mmc-modules-10.1-0-486-di - MMC/SD card modules (udeb)
 mmc-modules-10.1-0-amd64-di - MMC/SD card modules (udeb)
 nfs-modules-10.1-0-486-di - NFS filesystem support (udeb)
 nfs-modules-10.1-0-amd64-di - NFS filesystem support (udeb)
 nic-modules-10.1-0-486-di - Common NIC drivers (udeb)
 nic-modules-10.1-0-amd64-di - Common NIC drivers (udeb)
 nic-shared-modules-10.1-0-486-di - Shared NIC drivers (udeb)
 nic-shared-modules-10.1-0-amd64-di - Shared NIC drivers (udeb)
 nic-usb-modules-10.1-0-486-di - USB NIC drivers (udeb)
 nic-usb-modules-10.1-0-amd64-di - USB NIC drivers (udeb)
 nic-wireless-modules-10.1-0-486-di - Wireless NIC drivers (udeb)
 nic-wireless-modules-10.1-0-amd64-di - Wireless NIC drivers (udeb)
 nls-core-modules-10.1-0-486-di - Core NLS support (udeb)
 nls-core-modules-10.1-0-amd64-di - Core NLS support (udeb)
 nullfs-modules-10.1-0-486-di - nullfs filesystem support (udeb)
 nullfs-modules-10.1-0-amd64-di - nullfs filesystem support (udeb)
 parport-modules-10.1-0-486-di - Parallel port support (udeb)
 parport-modules-10.1-0-amd64-di - Parallel port support (udeb)
 plip-modules-10.1-0-486-di - PLIP drivers (udeb)
 plip-modules-10.1-0-amd64-di - PLIP drivers (udeb)
 ppp-modules-10.1-0-486-di - PPP drivers (udeb)
 ppp-modules-10.1-0-amd64-di - PPP drivers (udeb)
 reiserfs-modules-10.1-0-486-di - Reiser filesystem support (udeb)
 reiserfs-modules-10.1-0-amd64-di - Reiser filesystem support (udeb)
 sata-modules-10.1-0-486-di - SATA drivers (udeb)
 sata-modules-10.1-0-amd64-di - SATA drivers (udeb)
 scsi-core-modules-10.1-0-486-di - Core SCSI subsystem (udeb)
 scsi-core-modules-10.1-0-amd64-di - Core SCSI subsystem (udeb)
 scsi-extra-modules-10.1-0-486-di - Uncommon SCSI drivers (udeb)
 scsi-extra-modules-10.1-0-amd64-di - Uncommon SCSI drivers (udeb)
 scsi-modules-10.1-0-486-di - SCSI drivers (udeb)
 scsi-modules-10.1-0-amd64-di - SCSI drivers (udeb)
 serial-modules-10.1-0-486-di - Serial drivers (udeb)
 serial-modules-10.1-0-amd64-di - Serial drivers (udeb)
 sound-modules-10.1-0-486-di - sound support (udeb)
 sound-modules-10.1-0-amd64-di - sound support (udeb)
 usb-serial-modules-10.1-0-486-di - USB serial drivers (udeb)
 usb-serial-modules-10.1-0-amd64-di - USB serial drivers (udeb)
 zfs-modules-10.1-0-486-di - ZFS filesystem support (udeb)
 zfs-modules-10.1-0-amd64-di - ZFS filesystem support (udeb)
 zlib-modules-10.1-0-486-di - zlib modules (udeb)
 zlib-modules-10.1-0-amd64-di - zlib modules (udeb)
Closes: 779195 782107
Changes:
 kfreebsd-10 (10.1~svn274115-4) unstable; urgency=high
 .
   * Pick SVN r281232 from FreeBSD 10.1-RELEASE to fix:
     - SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
       updated patch from advisory revision 1.1 (Closes: #779195)
     - SA-15:09: Denial of Service with IPv6 Router Advertisements
       (CVE-2015-2923) (Closes: #782107)
Checksums-Sha1:
 dacc8aa33ff694a5b142a181e99f70a37733ecec 11361 kfreebsd-10_10.1~svn274115-4.dsc
 44860368a71dd9c456c21b87d81f97eae5081198 143500 kfreebsd-10_10.1~svn274115-4.debian.tar.xz
 abc1a393d6770f560ba131313cf7f3d18d61374e 26514214 kfreebsd-source-10.1_10.1~svn274115-4_all.deb
Checksums-Sha256:
 646a9248b1802247f2d7b0fa97ad58ebee57a605067bf2bdfa0f94cf515d5c36 11361 kfreebsd-10_10.1~svn274115-4.dsc
 1074b8aa82fe89cdddf28caf501f5d505174f23a5fb02c1a97c7755474181fcc 143500 kfreebsd-10_10.1~svn274115-4.debian.tar.xz
 e66f8402578c7363fdd108f2c02683a6571883577b5f425cb0ff0e244f8f9076 26514214 kfreebsd-source-10.1_10.1~svn274115-4_all.deb
Files:
 36673407049122abccb73ae000408b8a 11361 kernel optional kfreebsd-10_10.1~svn274115-4.dsc
 71d572e2fb4081c1de313d27ae003dcc 143500 kernel optional kfreebsd-10_10.1~svn274115-4.debian.tar.xz
 ec48cd659650a6ea622629f07bab5ce7 26514214 kernel optional kfreebsd-source-10.1_10.1~svn274115-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVJF8pAAoJELrpzbaMAu5TfYIIAL+4OjTS8v1Jgd0s+SCnjwcz
U48J1pFOMw6Sdmawa2B1pDpWKFFbhMAxPSwNOzWrwGjGoYYq1aZY5kKX4GMHOC1o
vEfyuiSj2jiLCr+NIGYQQBH2YtH7Dl59KS9uhbdsi2t/NMnXs+3lv+v4DRDSw0Ig
VkQx5rz3PuE7ZH/0b/ed/1J+6JGJQiIasnPgvX9zxRNvaK3wLVxvABxLRZrlZz5/
At1IVjKeZjNBm6wCDWEe48/nPRDZj4Hea7Mo37kVHfI4/NMB/sBxp/zzrjcdP4ut
x1UWUAl+ZG3WspXgpbvINIQe2e7a7FW3HAoY9NJ6XJvxzPZ9ne8Gfo7ru9mYmAQ=
=NGfn
-----END PGP SIGNATURE-----

Bug 782107 cloned as bug 782735 Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Thu, 16 Apr 2015 21:36:04 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:29:15 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:04:41 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started