drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme im Linux-Kernel
Name: |
Mehrere Probleme im Linux-Kernel
|
|
ID: |
200308-01 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Sa, 16. August 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
gentoo-sources |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200308-01 --------------------------------------------------------------------
PACKAGE : gentoo-sources SUMMARY : multiple vulnerabilities DATE : 2003-08-14 12:16 UTC EXPLOIT : remote VERSIONS AFFECTED : <gentoo-sources-2.4.20-r6 FIXED VERSION : >=gentoo-sources-2.4.20-r6 CVE : CAN-2003-0244 CAN-2003-0246 CAN-2003-0462
--------------------------------------------------------------------
- quotes from CVE:
"The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions."
"The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports."
"A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)."
SOLUTION
It is recommended that all Gentoo Linux users who are running sys-kernel/gentoo-sources upgrade to gentoo-sources-2.4.20-r6 as follows
emerge sync emerge gentoo-sources emerge clean
After that, compile, install and reboot your computer to complete the upgrade.
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/O32dfT7nyhUpoZMRAvRRAJ9gKhIHNvEKkhnIGh50DV06W93E/gCffg3L foJIctGEKqdWsL9tFbFxArI= =qIHR -----END PGP SIGNATURE-----
|
|
|
|