Kernel Security Fixes
Hi,
just got an announcement from the mandrake security list.
Could please someone of the people with a deeper knowledge explain, if
the mentioned issues are addressed in one of the "stock" debian
kernels or if I have to get the sources from kernel.org and patch it
myself?
<cite>
Mandrake Linux Security Update Advisory
Multiple vulnerabilities were discovered and fixed in the Linux
kernel.
* CAN-2003-0001: Multiple ethernet network card drivers do not pad
frames with null bytes which allows remote attackers to obtain
information from previous packets or kernel memory by using
special malformed packets.
* CAN-2003-0244: The route cache implementation in the 2.4 kernel and
the Netfilter IP conntrack module allows remote attackers to cause
a
Denial of Service (DoS) via CPU consumption due to packets with
forged source addresses that cause a large number of hash table
collisions related to the PREROUTING chain.
* CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
kernels does not properly restrict privileges, which allows local
users to gain read or write access to certain I/O ports.
* CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
allows attackers to cause a kernel oops resulting in a DoS.
* CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
modify CPU state registers via a malformed address.
</cite>
Thank you very uch for your attention!
Have a nice thread,
Peter
Reply to: