Re: Accepted kernel-source-2.4.20 2.4.20-3woody.12 (all source)
On Wed, Sep 10, 2003 at 08:32:32AM -0400, Herbert Xu wrote:
> Changes:
> kernel-source-2.4.20 (2.4.20-3woody.12) stable; urgency=low
> .
> * Fixed conntrack DoS (netfilter):
> . include/linux/netfilter_ipv4/ip_conntrack.h
> . net/ipv4/netfilter/ip_conntrack_core.c
> . net/ipv4/netfilter/ip_conntrack_proto_tcp.c
> . net/ipv4/netfilter/ip_conntrack_proto_udp.c
> . net/ipv4/netfilter/ip_conntrack_standalone.c
I guess this is a fix for one of the vulnerabilities announced by the netfilter
team at the beginning of August:
http://lists.netfilter.org/pipermail/netfilter-devel/2003-August/012151.html
(Conntrack list_del() DoS)
How about the second message posted on the same day? (NAT Remote DOS (SACK mangle)):
http://lists.netfilter.org/pipermail/netfilter-devel/2003-August/012152.html
Herbert, aren't you going to patch it as well?
Or maybe this is the bug fixed in kernel-source-2.4.3 (2.4.3-4), back in
April (Bug#94216)? (The URLs in the bug report are not valid any more,
so I can't check.)
regards,
Marcin
--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216