Bug#: 81195
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Attachments:
Filename | Description | Type | Creator | Created | Size
2.4-81195.patch | 2.4 Patch | patch | Tim Yamin (RETIRED) | 2005-03-29 07:44 0000 | 11.18 KB
2.6-81195.patch | 2.6 Compound Patch | patch | Tim Yamin (RETIRED) | 2005-03-29 07:45 0000 | 10.94 KB


Description:   Opened: 2005-02-07 22:43 0000
Herbert Xu made me aware of a security relevant problem (remote
oops/firewall bypass) in the netdev code. I did not see it on
vendor-sec yet.

  http://linux.bkbits.net:8080/linux-2.5/cset@41f8843a8ZMCNuP3meYAYnnXd3CO_g

(It changes the ABI, unfortunately).

I think this is the relevant thread:

  http://oss.sgi.com/archives/netdev/2005-01/msg01036.html

------- Comment #1 From Thierry Carrez (RETIRED) 2005-03-16 02:17:10 0000 -------
The above patch is CAN-2005-0449 (SMP, linux-2.6 only)

Another similar issue, from Ubuntu's recent kernel updates:

A remote Denial of Service vulnerability was discovered in the
Netfilter IP packet handler. This allowed a remote attacker to crash
the machine by sending specially crafted IP packet fragments.
Affects only certain NICs, linux-2.6 only (CAN-2005-0209)

Patch:
http://linux.bkbits.net:8080/linux-2.6/cset%4041f59581p1swNaow4K1aBglV-q2jfQ

------- Comment #2 From Thierry Carrez (RETIRED) 2005-03-16 03:16:38 0000 -------
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #3 From Daniel Drake 2005-03-16 05:52:13 0000 -------
gentoo-dev-sources unaffected

------- Comment #4 From Thierry Carrez (RETIRED) 2005-03-26 09:02:17 0000 -------
According to this thread:
http://oss.sgi.com/archives/netdev/2005-01/msg01191.html

CAN-2005-0449 also applies to the 2.4-line.

------- Comment #5 From Tim Yamin (RETIRED) 2005-03-29 07:44:50 0000 -------
Created an attachment (id=54763)
2.4 Patch

------- Comment #6 From Tim Yamin (RETIRED) 2005-03-29 07:45:49 0000 -------
Created an attachment (id=54764)
2.6 Compound Patch

------- Comment #7 From Joshua Kinard 2005-04-23 22:24:28 0000 -------
mips-sources fixed.

------- Comment #8 From Tim Yamin (RETIRED) 2005-05-02 10:28:19 0000 -------
CCing maintainers:

grsec-sources: CCing solar
hardened-sources: CCing hardened
openmosix-sources: CCing cluster
rsbac-sources: CCing kang
sparc-sources: CCing joker

------- Comment #9 From solar 2005-05-02 10:43:37 0000 -------
Marking the existing 2.4.30 kernels stable fixes this, right?

------- Comment #10 From Konstantin Arkhipov 2005-05-07 06:05:03 0000 -------
oM-sources-2.4.30-r1 goes stable.

------- Comment #11 From Tim Yamin (RETIRED) 2005-08-20 11:29:43 0000 -------
All fixed, closing bug.

------- Comment #12 From Tim Yamin (RETIRED) 2005-08-20 11:32:14 0000 -------
kang: rsbac-2.4 still needs this.

------- Comment #13 From Tim Yamin (RETIRED) 2005-11-26 02:29:05 0000 -------
All fixed, closing.
