Re: Potential Vulnerabilities list on US Cert
In freebsd-questions Digest, Vol 483, Issue 2, Message: 1 On Mon, 2 Sep 2013 10:41:44 -0400 Jerry je...@seibercom.net wrote: I usually check the US Cert listing every week to see if anything interesting is listed. https://www.us-cert.gov/ncas/bulletins/SB13-245 I discovered that there are two listings for FreeBSD: 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209 I just thought that users should be aware of this. Thanks for the thought, Jerry. To add to Lowell's assurance .. If you followed the links in those vuln reports to the FreeBSD Security Advisories and source patches for all supported FreeBSD versions, that were applied prior to their announcement on 22nd August in (at least) the freebsd-security@ and freebsd-announce@ lists, you could have known a week sooner :) Anyone running a FreeBSD system with possibly untrusted local users running multicast (in the case of CVE-2013-3077) or running servers using SCTP (in the case of CVE-2013-5209) would naturally have read these and have applied updates before the CERT advisories appeared. cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Potential Vulnerabilities list on US Cert
I usually check the US Cert listing every week to see if anything interesting is listed. https://www.us-cert.gov/ncas/bulletins/SB13-245 I discovered that there are two listings for FreeBSD: 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209 I just thought that users should be aware of this. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Potential Vulnerabilities list on US Cert
These are the sctp vulnerabilitiese from a week or two back. Anyone following the Security Advisories can safely ignore these; they were issued after the relevant advisories and patches, and consist of nothing but pointers to the previous information. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Potential Vulnerabilities list on US Cert
Jerry je...@seibercom.net writes: I usually check the US Cert listing every week to see if anything interesting is listed. https://www.us-cert.gov/ncas/bulletins/SB13-245 I discovered that there are two listings for FreeBSD: 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209 I just thought that users should be aware of this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org