On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote:
> Hi,
>
> just got an announcement from the mandrake security list.
>
> Could please someone of the people with a deeper knowledge explain, if
> the mentioned issues are addressed in one of the "stock" debian
> kernels or if I have to get the sources from kernel.org and patch it
> myself?
That's easy. You just need to browse
http://www.debian.org/security/crossreferences and search the CVE names
(the stuff that says CAN-XXXX-XXXX or CVE-XXXX-XXXX) against published
advisories.
See below.
>
> <cite>
>
> Mandrake Linux Security Update Advisory
>
> Multiple vulnerabilities were discovered and fixed in the Linux
> kernel.
>
> * CAN-2003-0001: Multiple ethernet network card drivers do not pad
(..)
Fixed in DSA 311.
>
> * CAN-2003-0244: The route cache implementation in the 2.4 kernel and
Ditto.
> * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
Same.
> * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
Ditto.
>
> * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
Ditto.
See http://www.debian.org/security/2003/dsa-311
(for i386):
Security database references:
In Mitre's CVE dictionary: CVE-2002-0429, CAN-2003-0001,
CAN-2003-0127, CAN-2003-0244, CAN-2003-0246, CAN-2003-0247,
CAN-2003-0248, CAN-2003-0364.
Regards
Javi
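
The cross-reference check described in the message above, as an added example that is not part of the original message. The helper names (`cve_keys`, `coverage`, `unaddressed`) are hypothetical; the sample data is the list of names quoted from the Mandrake advisory and the DSA 311 reference list quoted above. CAN- (candidate) and CVE- names are matched on their year-number part, since both prefixes refer to the same dictionary entry.

```python
import re

# CAN- (candidate) and CVE- (accepted) prefixes name the same entry,
# so matching is done on the "YYYY-NNNN" part only.
ID_RE = re.compile(r"\b(?:CAN|CVE)-(\d{4})-(\d{4,})\b")

def cve_keys(text):
    """Return the set of 'YYYY-NNNN' keys for every CAN-/CVE- name in text."""
    return {f"{year}-{num}" for year, num in ID_RE.findall(text)}

def coverage(advisory_text, fixed_by):
    """Map each id named in advisory_text to the advisories referencing it.

    fixed_by: dict of advisory name -> its "security database references" text.
    """
    index = {}
    for name, refs in fixed_by.items():
        for key in cve_keys(refs):
            index.setdefault(key, []).append(name)
    wanted = sorted(cve_keys(advisory_text))
    return {key: sorted(index.get(key, [])) for key in wanted}

def unaddressed(advisory_text, fixed_by):
    """Ids from advisory_text that no known advisory references."""
    return [k for k, v in coverage(advisory_text, fixed_by).items() if not v]

# Names listed by the other vendor's advisory, as quoted in the message.
MANDRAKE = """
* CAN-2003-0001: Multiple ethernet network card drivers do not pad
* CAN-2003-0244: The route cache implementation in the 2.4 kernel and
* CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
* CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
* CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
"""

# Reference list of DSA 311, as quoted in the message (wrapped lines kept).
DSA = {"DSA-311": """CVE-2002-0429, CAN-2003-0001,
CAN-2003-0127, CAN-2003-0244, CAN-2003-0246, CAN-2003-0247,
CAN-2003-0248, CAN-2003-0364."""}

if __name__ == "__main__":
    for key, advisories in coverage(MANDRAKE, DSA).items():
        print(key, ", ".join(advisories) or "NOT FOUND")
```
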