Herbert Xu made me aware of a security relevant problem (remote opps/firewall bypass) in the netdev code. I did not see it on vendor-sec yet. http://linux.bkbits.net:8080/linux-2.5/cset@41f8843a8ZMCNuP3meYAYnnXd3CO_g (It changes the ABI, unfortunately). I think this is the relevant thread: http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
The above patch is CAN-2005-0449 (SMP, linux-2.6 only) Another similar issue, from Ubuntu recent kernel updates: A remote Denial of Service vulnerability was discovered in the Netfilter IP packet handler. This allowed a remote attacker to crash the machine by sending specially crafted IP packet fragments. Affects only certain NICS, linux-2.6 only (CAN-2005-0209) Patch: http://linux.bkbits.net:8080/linux-2.6/cset%4041f59581p1swNaow4K1aBglV-q2jfQ
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...
gentoo-dev-sources unaffected
According to this thread : http://oss.sgi.com/archives/netdev/2005-01/msg01191.html CAN-2005-0449 also applies to the 2.4-line.
Created attachment 54763 [details, diff] 2.4 Patch
Created attachment 54764 [details, diff] 2.6 Compound Patch
mips-sources fixed.
CCing maintainers: grsec-sources: CCing solar hardened-sources: CCing hardened openmosix-sources: CCing cluster rsbac-sources: CCing kang sparc-sources: CCing joker
Marking the existing 2.4.30 kernels stable fixes this right?
oM-sources-2.4.30-r1 goes stable.
All fixed, closing bug.
kang: rsbac-2.4 still needs this.
All fixed, closing.