[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel 2.4.21 Forwarding table vulnerability

When were they patched? And how do I know when they
are patched and when they are available?  Is there
somewhere I can find this info?  I found the Red Hat
info on Bugtraq but there was no mention of Debian
Source anywhere.



Thanks
--- Matthijs Mohlmann <matthijs@active2.homelinux.org>
wrote:
> Why download the source from RedHat? The source from
> debian is also
> patched with needed patches.
> 
> apt-get install kernel-source
> 
> On Mon, 2003-07-28 at 19:05, Bruce Banner wrote:
> > You can download Red Hats  
> > kernel-source-2.4.20-19.9.i386.rpm run alien
> against
> > it and install the dpkg'ed kernel-source.deb.  I
> have
> > been forced to do this in the past to get patches
> that
> > havn't been released or in the main stream kernel
> from
> > kernel.org yet.
> > 
> > 
> > Peace
> > --- Phillip Hofmeister <plhofmei@zionlth.org>
> wrote:
> > > If I do use bridging...is there a patch?
> > > 
> > > What is the consequences of an unpatched system?
> (In
> > > more detail than
> > > below)
> > > 
> > > On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert
> Xu
> > > wrote:
> > > > Florian Weimer <fw@deneb.enyo.de> wrote:
> > > > > Bruce Banner <bruc3_banner@yahoo.com>
> writes:
> > > > > 
> > > > >> CAN-2003-0552: Jerry Kreuscher discovered
> that
> > > the Forwarding table
> > > > >> could be spoofed by sending forged packets
> with
> > > bogus source
> > > > >> addresses the same as the local host.
> > > > > 
> > > > > Ah, this one.  I don't even know if it's
> about
> > > IP.
> > > > > 
> > > > > As usual, Red Hat's advisory is a joke.
> *sigh*
> > > > 
> > > > If you don't use bridging then it doesn't
> affect
> > > you.
> > > > -- 
> > > > Debian GNU/Linux 3.0 is out! (
> > > http://www.debian.org/ )
> > > > Email:  Herbert Xu ~{PmV>HI~}
> > > <herbert@gondor.apana.org.au>
> > > > Home Page:
> http://gondor.apana.org.au/~herbert/
> > > > PGP Key:
> > > http://gondor.apana.org.au/~herbert/pubkey.txt
> > > > 
> > > > 
> > > > 
> > > 
> > > -- 
> > > Phillip Hofmeister
> > > 
> > > PGP/GPG Key:
> > > http://www.zionlth.org/~plhofmei/
> > > wget -O -
> http://www.zionlth.org/~plhofmei/key.txt |
> > > gpg --import
> > > --
> > > Excuse #20: Monitor resolution too high 
> > > 
> > > 
> > > -- 
> > > To UNSUBSCRIBE, email to
> > > debian-security-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble?
> Contact
> > > listmaster@lists.debian.org
> > > 
> > 
> > 
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
> > http://sitebuilder.yahoo.com
> > 
> 
> 
> -- 
> To UNSUBSCRIBE, email to
> debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
Reply to: