Potential Vulnerabilities list on US Cert
Ian Smith
smithi at nimnet.asn.au
Tue Sep 3 13:57:10 UTC 2013
In freebsd-questions Digest, Vol 483, Issue 2, Message: 1
On Mon, 2 Sep 2013 10:41:44 -0400 Jerry <jerry at seibercom.net> wrote:
> I usually check the US Cert listing every week to see if anything
> interesting is listed. <https://www.us-cert.gov/ncas/bulletins/SB13-245>
>
> I discovered that there are two listings for FreeBSD:
>
> 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077
>
> 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209
>
> I just thought that users should be aware of this.
Thanks for the thought, Jerry. To add to Lowell's assurance ..
If you followed the links in those vuln reports to the FreeBSD Security
Advisories and source patches for all supported FreeBSD versions, that
were applied prior to their announcement on 22nd August in (at least)
the freebsd-security@ and freebsd-announce@ lists, you could have known
a week sooner :)
Anyone running a FreeBSD system with possibly untrusted local users
running multicast (in the case of CVE-2013-3077) or running servers
using SCTP (in the case of CVE-2013-5209) would naturally have read
these and have applied updates before the CERT advisories appeared.
cheers, Ian
More information about the freebsd-questions
mailing list