Debian Bug report logs - #686962
CVE-2012-3549: kfreebsd SCTP DoS

Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>;

Reported by: Raphael Geissert <geissert@debian.org>

Date: Fri, 7 Sep 2012 17:21:02 UTC

Severity: grave

Tags: confirmed, fixed-upstream, security

Found in version kfreebsd-9/9.0-6

Fixed in version kfreebsd-9/9.0-7

Done: Steven Chamberlain <steven@pyro.eu.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#686961; Package kfreebsd-8. (Fri, 07 Sep 2012 17:21:04 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
New Bug report received and forwarded. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Fri, 07 Sep 2012 17:21:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2012-3549: kfreebsd SCTP DoS
Date: Fri, 7 Sep 2012 12:17:45 -0500

Package: kfreebsd-8
Severity: grave
Tags: security
Control: clone -1 -2 -3
Control: reassign -2 src:kfreebsd-9
Control: reassign -3 src:kfreebsd-10

Hi,

CVE-2012-3549 has been assigned to be a remote DoS (via a NULL pointer 
dereference in the kernel) vulnerability in FreeBSD's SCTP 
implementation[1].

[1] http://www.exploit-db.com/exploits/20226/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3549
    http://security-tracker.debian.org/tracker/CVE-2012-3549
Please adjust the affected versions in the BTS as needed.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Bug 686961 cloned as bugs 686962, 686963 Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 07 Sep 2012 17:33:06 GMT)

Bug reassigned from package 'kfreebsd-8' to 'src:kfreebsd-9'. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 07 Sep 2012 17:33:06 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#686962; Package src:kfreebsd-9. (Tue, 25 Sep 2012 16:15:10 GMT)

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Tue, 25 Sep 2012 16:15:10 GMT)

Message #14 received at 686962@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 686962@bugs.debian.org
Subject: Re: CVE-2012-3549: kfreebsd SCTP DoS
Date: Tue, 25 Sep 2012 18:08:44 +0200

On Fri, Sep 07, 2012 at 12:17:45PM -0500, Raphael Geissert wrote:
> Package: kfreebsd-8
> Severity: grave
> Tags: security
> Control: clone -1 -2 -3
> Control: reassign -2 src:kfreebsd-9
> Control: reassign -3 src:kfreebsd-10
> 
> Hi,
> 
> CVE-2012-3549 has been assigned to be a remote DoS (via a NULL pointer 
> dereference in the kernel) vulnerability in FreeBSD's SCTP 
> implementation[1].
> 
> [1] http://www.exploit-db.com/exploits/20226/
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

If no upstream fix is available you might want to disable SCTP in the Wheezy
kernel?

Cheers,
        Moritz



Marked as found in versions kfreebsd-9/9.0-6. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Sun, 30 Sep 2012 13:15:06 GMT)

Added tag(s) confirmed and fixed-upstream. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Sun, 30 Sep 2012 13:21:04 GMT)

Reply sent to Steven Chamberlain <steven@pyro.eu.org>:
You have taken responsibility. (Mon, 29 Oct 2012 05:51:03 GMT)

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Mon, 29 Oct 2012 05:51:03 GMT)

Message #23 received at 686962-close@bugs.debian.org:

From: Steven Chamberlain <steven@pyro.eu.org>
To: 686962-close@bugs.debian.org
Subject: Bug#686962: fixed in kfreebsd-9 9.0-7
Date: Mon, 29 Oct 2012 05:48:09 +0000

Source: kfreebsd-9
Source-Version: 9.0-7

We believe that the bug you reported is fixed in the latest version of
kfreebsd-9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 686962@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated kfreebsd-9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 30 Sep 2012 17:06:07 +0100
Source: kfreebsd-9
Binary: kfreebsd-source-9.0 kfreebsd-headers-9.0-2 kfreebsd-image-9.0-2-686-smp kfreebsd-image-9-686-smp kfreebsd-headers-9.0-2-686-smp kfreebsd-headers-9-686-smp kfreebsd-image-9.0-2-amd64 kfreebsd-image-9-amd64 kfreebsd-headers-9.0-2-amd64 kfreebsd-headers-9-amd64 kfreebsd-image-9.0-2-486 kfreebsd-image-9-486 kfreebsd-headers-9.0-2-486 kfreebsd-headers-9-486 kfreebsd-image-9.0-2-686 kfreebsd-image-9-686 kfreebsd-headers-9.0-2-686 kfreebsd-headers-9-686 kfreebsd-image-9.0-2-xen kfreebsd-image-9-xen kfreebsd-headers-9.0-2-xen kfreebsd-headers-9-xen kfreebsd-image-9.0-2-malta kfreebsd-image-9-malta kfreebsd-headers-9.0-2-malta kfreebsd-headers-9-malta
Architecture: source all mipsel
Version: 9.0-7
Distribution: unstable
Urgency: medium
Maintainer: GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description: 
 kfreebsd-headers-9-486 - header files for kernel of FreeBSD 9 (meta-package)
 kfreebsd-headers-9-686 - header files for kernel of FreeBSD 9 (meta-package)
 kfreebsd-headers-9-686-smp - header files for kernel of FreeBSD 9 (transitional package)
 kfreebsd-headers-9-amd64 - header files for kernel of FreeBSD 9 (meta-package)
 kfreebsd-headers-9-malta - header files for kernel of FreeBSD 9 (meta-package)
 kfreebsd-headers-9-xen - header files for kernel of FreeBSD 9 (meta-package)
 kfreebsd-headers-9.0-2 - Common architecture-specific header files for kernel of FreeBSD 9
 kfreebsd-headers-9.0-2-486 - header files for kernel of FreeBSD 9.0
 kfreebsd-headers-9.0-2-686 - header files for kernel of FreeBSD 9.0
 kfreebsd-headers-9.0-2-686-smp - header files for kernel of FreeBSD 9.0 (transitional package)
 kfreebsd-headers-9.0-2-amd64 - header files for kernel of FreeBSD 9.0
 kfreebsd-headers-9.0-2-malta - header files for kernel of FreeBSD 9.0
 kfreebsd-headers-9.0-2-xen - header files for kernel of FreeBSD 9.0
 kfreebsd-image-9-486 - kernel of FreeBSD 9 image (meta-package)
 kfreebsd-image-9-686 - kernel of FreeBSD 9 image (meta-package)
 kfreebsd-image-9-686-smp - kernel of FreeBSD 9 (transitional package)
 kfreebsd-image-9-amd64 - kernel of FreeBSD 9 image (meta-package)
 kfreebsd-image-9-malta - kernel of FreeBSD 9 image (meta-package)
 kfreebsd-image-9-xen - kernel of FreeBSD 9 image (meta-package)
 kfreebsd-image-9.0-2-486 - kernel of FreeBSD 9.0 image
 kfreebsd-image-9.0-2-686 - kernel of FreeBSD 9.0 image
 kfreebsd-image-9.0-2-686-smp - kernel of FreeBSD 9.0 (transitional package)
 kfreebsd-image-9.0-2-amd64 - kernel of FreeBSD 9.0 image
 kfreebsd-image-9.0-2-malta - kernel of FreeBSD 9.0 image
 kfreebsd-image-9.0-2-xen - kernel of FreeBSD 9.0 image
 kfreebsd-source-9.0 - source code for kernel of FreeBSD 9.0 with Debian patches
Closes: 686962
Changes: 
 kfreebsd-9 (9.0-7) unstable; urgency=medium
 .
   * Pick SVN 239447 from FreeBSD 9-STABLE to fix a remote DoS
     vulnerability of SCTP (CVE-2012-3549) (Closes: #686962)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 03 Dec 2012 07:28:26 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:05:58 2014; Machine Name: beach.debian.org
