Hi, just got an announcement from the mandrake security list.
Could please someone of the people with a deeper knowledge explain, if the mentioned issues are addressed in one of the "stock" debian kernels or if I have to get the sources from kernel.org and patch it myself? <cite> Mandrake Linux Security Update Advisory Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. </cite> Thank you very uch for your attention! Have a nice thread, Peter -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]