CVE-2016-1879

NameCVE-2016-1879
DescriptionThe Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs811277

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kfreebsd-10 (PTS)jessie10.1~svn274115-4vulnerable
sid, stretch10.3~svn300087-3vulnerable
kfreebsd-9 (PTS)wheezy, wheezy (security)9.0-10+deb70.10vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kfreebsd-10source(unstable)(unfixed)unimportant811277
kfreebsd-9source(unstable)(unfixed)high
kfreebsd-9sourcewheezy(unfixed)end-of-life

Notes

kfreebsd not covered by security support in Jessie
[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)

Search for package or bug name: Reporting problems