Debian Security Advisory
DSA-3070-1 kfreebsd-9 -- security update
- Date Reported:
- 07 Nov 2014
- Affected Packages:
- kfreebsd-9
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3711, CVE-2014-3952, CVE-2014-3953, CVE-2014-8476.
- More information:
-
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.
- CVE-2014-3711
Denial of service through memory leak in sandboxed namei lookups.
- CVE-2014-3952
Kernel memory disclosure in sockbuf control messages.
- CVE-2014-3953
Kernel memory disclosure in SCTP. This update disables SCTP, since the userspace tools shipped in Wheezy didn't support SCTP anyway.
- CVE-2014-8476
Kernel stack disclosure in setlogin() and getlogin().
For the stable distribution (wheezy), these problems have been fixed in version 9.0-10+deb70.8.
We recommend that you upgrade your kfreebsd-9 packages.
- CVE-2014-3711