Date: Sat, 16 Nov 2024 14:20:43 +0100
From: Lasse Kliemann <lasse@lassekliemann.de>
To: freebsd-security@freebsd.org
Subject: CVE-2024-39281 allegedly not fixed in 14.1
Message-ID: <871pzbgvro.fsf@lassekliemann.de>

For a few days now, I have been seeing this warning:

Checking for security vulnerabilities in base (userland & kernel):
Database fetched: 2024-11-15T19:30+00:00
FreeBSD-kernel-14.1_5 is vulnerable:
  FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
  CVE: CVE-2024-39281
  WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html

The corresponding SA (FreeBSD-SA-24:18.ctl) is from 2024-10-29. Since I install updates regularly, it should be applied already. Indeed:

# freebsd-update fetch
...
No updates needed to update system to 14.1-RELEASE-p6.
# uname -a
FreeBSD ... 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64

What should I do in response to the warning?
