CAN-2005-0449

To: debian-kernel@lists.debian.org
Subject: CAN-2005-0449
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 22 Mar 2005 11:01:04 +0100
Message-id: <[🔎] 87y8cghue7.fsf@deneb.enyo.de>

The changelog entry for CAN-2005-0449 (in kernel-source-2.6.8) reads:

  * ipv4-fragment-queues-1.dpatch, ipv4-fragment-queues-2.dpatch,
    ipv4-fragment-queues-3.dpatch, ipv4-fragment-queues-4.dpatch:
    fix potential information leak by making fragment queues private.
    CAN-2005-0449 (Joshua Kwan, Simon Horman)

However, the CVE entry describes a different problem:

| The netfilter/iptables module in Linux before 2.6.8.1 allows remote
| attackers to cause a denial of service (kernel crash) or bypass
| firewall rules via crafted packets, which are not properly handled
| by the skb_checksum_help function.

Which one is correct?

Reply to:

Follow-Ups:
- Re: CAN-2005-0449
  - From: Horms <horms@debian.org>

Prev by Date: Re: NEW handling: About rejects, and kernels
Next by Date: Re: kernel-image-2.4.27-2-k7 missing CPU name from description
Previous by thread: Bug#299731: Update
Next by thread: Re: CAN-2005-0449
Index(es):
- Date
- Thread