Debian Security Advisory
DSA-3070-1 kfreebsd-9 -- security update
- Date Reported: 07 Nov 2014
- Affected Packages: kfreebsd-9
- Security database references: In Mitre's CVE dictionary: CVE-2014-3711, CVE-2014-3952, CVE-2014-3953, CVE-2014-8476.
- More information:
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure:
- CVE-2014-3711: Denial of service through memory leak in sandboxed namei lookups.
- CVE-2014-3952: Kernel memory disclosure in sockbuf control messages.
- CVE-2014-3953: Kernel memory disclosure in SCTP. This update disables SCTP, since the userspace tools shipped in Wheezy didn't support SCTP anyway.
- CVE-2014-8476: Kernel stack disclosure in setlogin() and getlogin().
For the stable distribution (wheezy), these problems have been fixed in version 9.0-10+deb70.8.
We recommend that you upgrade your kfreebsd-9 packages.