Date: Tue, 3 Sep 2013 23:56:57 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Jerry <jerry@seibercom.net> Cc: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>, freebsd-questions@freebsd.org Subject: Re: Potential Vulnerabilities list on US Cert Message-ID: <20130903232341.O99094@sola.nimnet.asn.au> In-Reply-To: <mailman.61.1378209602.51044.freebsd-questions@freebsd.org> References: <mailman.61.1378209602.51044.freebsd-questions@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In freebsd-questions Digest, Vol 483, Issue 2, Message: 1 On Mon, 2 Sep 2013 10:41:44 -0400 Jerry <jerry@seibercom.net> wrote: > I usually check the US Cert listing every week to see if anything > interesting is listed. <https://www.us-cert.gov/ncas/bulletins/SB13-245> > > I discovered that there are two listings for FreeBSD: > > 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077 > > 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209 > > I just thought that users should be aware of this. Thanks for the thought, Jerry. To add to Lowell's assurance .. If you followed the links in those vuln reports to the FreeBSD Security Advisories and source patches for all supported FreeBSD versions, that were applied prior to their announcement on 22nd August in (at least) the freebsd-security@ and freebsd-announce@ lists, you could have known a week sooner :) Anyone running a FreeBSD system with possibly untrusted local users running multicast (in the case of CVE-2013-3077) or running servers using SCTP (in the case of CVE-2013-5209) would naturally have read these and have applied updates before the CERT advisories appeared. cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130903232341.O99094>