Debian Security Advisory

DSA-3070-1 kfreebsd-9 -- security update

Date Reported:
07 Nov 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-3711, CVE-2014-3952, CVE-2014-3953, CVE-2014-8476.
More information:

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.

  • CVE-2014-3711

    Denial of service through memory leak in sandboxed namei lookups.

  • CVE-2014-3952

    Kernel memory disclosure in sockbuf control messages.

  • CVE-2014-3953

    Kernel memory disclosure in SCTP. This update disables SCTP, since the userspace tools shipped in Wheezy didn't support SCTP anyway.

  • CVE-2014-8476

    Kernel stack disclosure in setlogin() and getlogin().

For the stable distribution (wheezy), these problems have been fixed in version 9.0-10+deb70.8.

We recommend that you upgrade your kfreebsd-9 packages.