And speaking of iptables, take a look at this...

> > ---------------------------------------------------------------------
> >                    Red Hat, Inc. Red Hat Security Advisory
> >
> > Synopsis:          Kernel: FTP iptables vulnerability in 2.4 kernel and general bug fixes
> > Advisory ID:       RHSA-2001:084-03
> > Issue date:        2001-06-21
> > Updated on:        2001-06-21
> > Product:           Red Hat Linux
> > Keywords:          iptables FTP ip_conntrack_ftp kernel
> > Cross references:
> > Obsoletes:         RHSA-2001:052-02
> > ---------------------------------------------------------------------
> >
> > 1. Topic:
> >
> > A security hole has been found that does not affect the default
> > configuration of Red Hat Linux, but it can affect some custom
> > configurations of Red Hat Linux 7.1. The bug is specific
> > to the Linux 2.4 kernel series. Aside from the fix, countless bugfixes
> > have been applied to this kernel as a result of code-audits by the
> > MC project of the Stanford University and others.
> >
> > 2. Relevant releases/architectures:
> >
> > Red Hat Linux 7.1 - i386, i586, i686
> >
> > 3. Problem description:
> >
> > A vulnerability in iptables "RELATED" connection tracking has been
> > discovered. When using iptables to allow FTP "RELATED" connections
> > through the firewall, carefully constructed PORT commands can open
> > arbitrary holes in the firewall.
> >
> > Default installations of Red Hat Linux 7.1 are not vulnerable; however
> > upgrading to this kernel is recommended regardless in order to benefit from
> > the other bug fixes in this kernel.
> >
> > 4. Solution:
> >
> > Before applying this update, make sure all previously released errata
> > relevant to your system have been applied.
> >
> > The procedure for upgrading the kernel is documented at:
> >
> > http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
> >
> > Please read the directions for your architecture carefully before
> > proceeding with the kernel upgrade.
> >
> > Please note that this update is also available via Red Hat Network. Many
> > people find this an easier way to apply updates. To use Red Hat Network,
> > launch the Red Hat Update Agent with the following command:
> >
> > up2date
> >
> > This will start an interactive process that will result in the appropriate
> > RPMs being upgraded on your system.
> >
> > 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
> >
> > 26999 - drm:r128_do_wait_for_fifo
> > 29140 - Garbage output reported in kernel startup scanning DMA zones
> > 29573 - erroneous IRQ conflict message
> > 29555 - [aic7xxx] Installer hangs loading the aic7xxx module
> > 29730 - Installer hangs when mounting IDE CDROM
> > 31769 - Kernel fails to load cs46xx module on an IBM Thinkpad T20
> > 32723 - No Bass on Sound Blaster Live (emu10k1 chip) on 2.4.x kernel
> > 36897 - missing entry in listing of an NFS directory served by IRIX
> > 38429 - Ext2 file corruption with RH71 2.4.2-2 kernel and ServerWorks chipset
> > 38536 - ide=reverse option not in install kernel
> > 38588 - Installer hangs during package upgrades from 6.2
> > 39445 - pcnet32: warning: PROM address does not match CSR addre
> > 39468 - Integration of TUX broke higher number system calls
> > 39845 - mtrr not working properly (kernel 2.4.2-2)
> > 40123 - Rebuild of custom kernel fails with 'undefined reference'
> > 40793 - PCMCIA services fail to recognize inserts and removals on Dell Latitude CPx with more than 256Mb RAM
> > 41353 - Poweroff crashes just before it should power down
> > 41856 - mtrr (write-combining) messages on Athlon 1300
> > 43659 - Installer hangs when sym58c8xx driver loading for Tekram DC-390U3W
> > 43940 - wvlan_cs update to 1.07 in 2.4.3-track
> >
> > 6. RPMs required:
> >
> > Red Hat Linux 7.1:
> >
> > SRPMS:
> > ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.3-12.src.rpm
> >
> > i386:
> > ftp://updates.redhat.com/7.1/en/os/i386/devfsd-2.4.3-12.i386.rpm
> > ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.3-12.i386.rpm
> > ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.3-12.i386.rpm
> > ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.3-12.i386.rpm
> > ftp://updates.redhat.com/7.1/en/os/i386/kernel-headers-2.4.3-12.i386.rpm
> > ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.3-12.i386.rpm
> >
> > i586:
> > ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.3-12.i586.rpm
> > ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.3-12.i586.rpm
> >
> > i686:
> > ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.3-12.i686.rpm
> > ftp://updates.redhat.com/7.1/en/os/i686/kernel-enterprise-2.4.3-12.i686.rpm
> > ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.3-12.i686.rpm
> >
> > 7. Verification:
> >
> > These packages are GPG signed by Red Hat, Inc. for security. Our key
> > is available at:
> > http://www.redhat.com/corp/contact.html
> >
> > You can verify each package with the following command:
> > rpm --checksig <filename>
> >
> > If you only wish to verify that each package has not been corrupted or
> > tampered with, examine only the md5sum with the following command:
> > rpm --checksig --nogpg <filename>
> >
> > 8. References:
> >
> > http://www.redhat.com/support/errata/RHSA-2001-052.html
> > http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
> >
> > Copyright(c) 2000, 2001 Red Hat, Inc.

_______________________________________________
slack-users mailing list
[EMAIL PROTECTED]
http://www.linuxmag.com.br/mailman/listinfo/slack-users

