[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel Security Fixes

On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote:
> Hi,
> just got an announcement from the mandrake security list.
> Could please someone of the people with a deeper knowledge explain, if
> the mentioned issues are addressed in one of the "stock" debian
> kernels or if I have to get the sources from kernel.org and patch it
> myself? 

That's easy. You just need to browse 
http://www.debian.org/security/crossreferences and search the CVE names 
(the stuff that says CAN-XXXX-XXXX or CVE-XXXX-XXXX) against published 

Se below.

> <cite>
> Mandrake Linux Security Update Advisory
> Multiple vulnerabilities were discovered and fixed in the Linux
> kernel.
>  * CAN-2003-0001: Multiple ethernet network card drivers do not pad

Fixed in DSA 311.

>  * CAN-2003-0244: The route cache implementation in the 2.4 kernel and


>  * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier


>  * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel

>  * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to


See http://www.debian.org/security/2003/dsa-311
 (for i386):
   Security database references:
          In Mitre's CVE dictionary: CVE-2002-0429, CAN-2003-0001,
          CAN-2003-0127, CAN-2003-0244, CAN-2003-0246, CAN-2003-0247,
          CAN-2003-0248, CAN-2003-0364.


Attachment: pgpXU6PGeMsTG.pgp
Description: PGP signature

Reply to: