Date:      Tue, 3 Sep 2013 23:56:57 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Jerry <jerry@seibercom.net>
Cc:        Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>, freebsd-questions@freebsd.org
Subject:   Re: Potential Vulnerabilities list on US Cert
Message-ID:  <20130903232341.O99094@sola.nimnet.asn.au>
In-Reply-To: <mailman.61.1378209602.51044.freebsd-questions@freebsd.org>
References:  <mailman.61.1378209602.51044.freebsd-questions@freebsd.org>

In freebsd-questions Digest, Vol 483, Issue 2, Message: 1
On Mon, 2 Sep 2013 10:41:44 -0400 Jerry <jerry@seibercom.net> wrote:

 > I usually check the US Cert listing every week to see if anything
 > interesting is listed. <https://www.us-cert.gov/ncas/bulletins/SB13-245>
 > 
 > I discovered that there are two listings for FreeBSD:
 > 
 > 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077
 > 
 > 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209
 > 
 > I just thought that users should be aware of this.

Thanks for the thought, Jerry.  To add to Lowell's assurance ..

If you followed the links in those vuln reports to the FreeBSD Security 
Advisories and source patches for all supported FreeBSD versions, that 
were applied prior to their announcement on 22nd August in (at least) 
the freebsd-security@ and freebsd-announce@ lists, you could have known 
a week sooner :)

Anyone running a FreeBSD system with possibly untrusted local users 
running multicast (in the case of CVE-2013-3077) or running servers 
using SCTP (in the case of CVE-2013-5209) would naturally have read 
these and have applied updates before the CERT advisories appeared.

cheers, Ian


