From owner-freebsd-security@FreeBSD.ORG Wed Feb 25 11:24:23 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C3CCC950 for ; Wed, 25 Feb 2015 11:24:23 +0000 (UTC) Received: from mail.tdx.com (mail.tdx.com [62.13.128.18]) by mx1.freebsd.org (Postfix) with ESMTP id 8E71980B for ; Wed, 25 Feb 2015 11:24:23 +0000 (UTC) Received: from [10.12.30.106] (vpn01-01.tdx.co.uk [62.13.130.213]) (authenticated bits=0) by mail.tdx.com (8.14.3/8.14.3/) with ESMTP id t1PBOFuE010406 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 25 Feb 2015 11:24:15 GMT Date: Wed, 25 Feb 2015 11:24:16 +0000 From: Karl Pielorz To: freebsd-security@freebsd.org Subject: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix? Message-ID: X-Mailer: Mulberry/4.0.8 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2015 11:24:23 -0000 Hi, Presumably if you don't need IGMP, ipfw can be used to mitigate this on hosts until they're patched / rebooted, i.e. ipfw add x deny igmp from any to any ? Thanks, -Karl ---------- Forwarded Message ---------- Date: 25 February 2015 06:29 +0000 From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 =========================================================================== == FreeBSD-SA-15:04.igmp Security Advisory The FreeBSD Project Topic: Integer overflow in IGMP protocol