Summary: | Kernel: Remote oops/firewall bypasses (CAN-2005-{0209,0449}) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||||
Component: | Kernel | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | critical | CC: | hardened-kernel+disabled, joker, kang, security-kernel, solar | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
Whiteboard: | [linux < 2.6.11] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-02-07 22:43:29 UTC
The above patch is CAN-2005-0449 (SMP, linux-2.6 only) Another similar issue, from Ubuntu recent kernel updates: A remote Denial of Service vulnerability was discovered in the Netfilter IP packet handler. This allowed a remote attacker to crash the machine by sending specially crafted IP packet fragments. Affects only certain NICS, linux-2.6 only (CAN-2005-0209) Patch: http://linux.bkbits.net:8080/linux-2.6/cset%4041f59581p1swNaow4K1aBglV-q2jfQ Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these... gentoo-dev-sources unaffected According to this thread : http://oss.sgi.com/archives/netdev/2005-01/msg01191.html CAN-2005-0449 also applies to the 2.4-line. Created attachment 54763 [details, diff]
2.4 Patch
Created attachment 54764 [details, diff]
2.6 Compound Patch
mips-sources fixed. CCing maintainers: grsec-sources: CCing solar hardened-sources: CCing hardened openmosix-sources: CCing cluster rsbac-sources: CCing kang sparc-sources: CCing joker Marking the existing 2.4.30 kernels stable fixes this right? oM-sources-2.4.30-r1 goes stable. All fixed, closing bug. kang: rsbac-2.4 still needs this. All fixed, closing. |