On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote:
> Hi,
>
> just got an announcement from the mandrake security list.
>
> Could please someone of the people with a deeper knowledge explain, if
> the mentioned issues are addressed in one of the "stock" debian
> kernels or if I have to get the sources from kernel.org and patch it
> myself?

That's easy. You just need to browse http://www.debian.org/security/crossreferences and search the CVE names (the stuff that says CAN-XXXX-XXXX or CVE-XXXX-XXXX) against published advisories. See below.

> <cite>
>
> Mandrake Linux Security Update Advisory
>
> Multiple vulnerabilities were discovered and fixed in the Linux
> kernel.
>
> * CAN-2003-0001: Multiple ethernet network card drivers do not pad

(..)

Fixed in DSA 311.

>
> * CAN-2003-0244: The route cache implementation in the 2.4 kernel and

Ditto.

> * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier

Same.

> * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel

Ditto.

>
> * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to

Ditto.

See http://www.debian.org/security/2003/dsa-311 (for i386):

Security database references:
In Mitre's CVE dictionary: CVE-2002-0429, CAN-2003-0001, CAN-2003-0127, CAN-2003-0244, CAN-2003-0246, CAN-2003-0247, CAN-2003-0248, CAN-2003-0364.

Regards

Javi
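The lookup described in the reply, as an added example that is not part of the original message: it matches the ids from the quoted Mandrake advisory against the DSA 311 reference list, treating `CAN-` and `CVE-` prefixes as the same entry because a candidate keeps its year and number when it is promoted. The function names are assumptions of this example, and the reference text is embedded inline rather than fetched from debian.org.

```python
import re

# Matches both naming forms. A CAN (candidate) keeps its year and number
# when it becomes a CVE entry, so only the prefix differs between the two.
CVE_RE = re.compile(r"\b(?:CAN|CVE)-(\d{4})-(\d{4,})\b")


def cve_keys(text):
    """Return the set of (year, number) pairs named in text, prefix ignored."""
    return set(CVE_RE.findall(text))


def cross_reference(advisory_text, dsa_refs):
    """Map each id in the advisory to the DSAs whose reference list names it.

    dsa_refs is {dsa_name: reference_list_text}. An id mapped to an empty
    list is not covered by any supplied DSA and needs a manual check.
    """
    index = {dsa: cve_keys(refs) for dsa, refs in dsa_refs.items()}
    result = {}
    for year, num in sorted(cve_keys(advisory_text)):
        result[f"{year}-{num}"] = sorted(
            dsa for dsa, keys in index.items() if (year, num) in keys
        )
    return result


# Ids as quoted from the Mandrake advisory in the message above.
MANDRAKE_ADVISORY = """
* CAN-2003-0001 * CAN-2003-0244 * CAN-2003-0246
* CAN-2003-0247 * CAN-2003-0248
"""

# Reference list as quoted from the DSA 311 page in the message above.
DSA_REFS = {
    "DSA-311": "CVE-2002-0429, CAN-2003-0001, CAN-2003-0127, CAN-2003-0244, "
               "CAN-2003-0246, CAN-2003-0247, CAN-2003-0248, CAN-2003-0364",
}

if __name__ == "__main__":
    for cve, dsas in cross_reference(MANDRAKE_ADVISORY, DSA_REFS).items():
        print(cve, "->", ", ".join(dsas) or "NOT COVERED")
```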