[Pluto-security] Some bugs... (iptables and kernel 2.4.20)

Tommaso 'Dido' Di Donato pluto-security@lists.pluto.linux.it
Wed, 04 Dec 2002 09:39:41 +0100


I am summarizing a few security bugs:

------------------------

                   Netfilter Core Team Security Advisory

Subject:

   Local Netfilter / IPTables IP Queue PID Wrap Flaw

Released:

   December 3, 2002.

Effects:

   Under limited circumstances, an unprivileged local user may be able
   to read a limited amount of arbitrary IPv4 or IPv6 traffic.

Estimated Severity:

   Low.

Remotely Exploitable:

   No.

Systems Affected:

   Linux 2.4 kernels up to and including 2.4.19, and Linux 2.5 kernels
   up to and including 2.5.31, where Netfilter / IPTables is enabled,
   and where either of the experimental IP queuing modules (ip_queue,
   ip6_queue) are in use.

Solution:

   Upgrade to Linux kernels 2.4.20 (stable), and 2.5.32 (development).

---------------------------------


In the meantime, however, some problems have emerged with kernel 2.4.20:

------------------------------
Someone has pointed out that the recommended 2.4.20 kernel has an ext3
data corruption bug (which fortunately will not affect most users).

The changeset comments for the ext3 bug are at:
<http://linux.bkbits.net:8080/linux-2.4/cset@1.793?nav=index.html|ChangeSet@-1d>

Please be careful if updating to 2.4.20, or wait until 2.4.21.


- James
--
James Morris
<jmorris@intercode.com.au>


------------------------------

Dido
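
A host check for the conditions stated in the two notes above, as an added example that is not part of the original message or the advisory. The function names, verdict strings and sample module list are assumptions made for illustration; the version ranges and module names come from the advisory text.

```shell
#!/bin/sh
# Added example. Inputs are plain strings so the logic can be exercised
# offline; the sample module list at the bottom is constructed.

# Exit 0 if RELEASE is in the advisory's range (2.4.x up to 2.4.19,
# 2.5.x up to 2.5.31), 1 if outside it, 2 if it cannot be parsed.
# Suffixes such as "-ac1" are ignored, so vendor kernels with
# backported fixes still need manual review.
ipq_affected_version() {
    base=${1%%[!0-9.]*}
    case $base in *.*.*) ;; *) return 2 ;; esac
    maj=${base%%.*}; rest=${base#*.}
    min=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*}
    for part in "$maj" "$min" "$patch"; do
        case $part in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$maj" -eq 2 ] || return 1
    if [ "$min" -eq 4 ] && [ "$patch" -le 19 ]; then return 0; fi
    if [ "$min" -eq 5 ] && [ "$patch" -le 31 ]; then return 0; fi
    return 1
}

# Exit 0 if /proc/modules-style text lists ip_queue or ip6_queue.
# Code built into the kernel image does not appear in /proc/modules.
ipq_modules_loaded() {
    printf '%s\n' "$1" |
        awk '$1 == "ip_queue" || $1 == "ip6_queue" { found = 1 } END { exit !found }'
}

# assess RELEASE MODULES_TEXT: print one verdict word.
assess() {
    rc=0; ipq_affected_version "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "UNKNOWN"; return 0; fi
    if [ "$rc" -eq 0 ]; then
        if ipq_modules_loaded "$2"; then echo "AFFECTED"
        else echo "RANGE-ONLY"; fi   # affected version, queue modules not loaded
        return 0
    fi
    case ${1%%[!0-9.]*} in
        2.4.20) echo "NOT-AFFECTED-EXT3-CAUTION" ;;  # see the ext3 note above
        *)      echo "NOT-AFFECTED" ;;
    esac
}

# Constructed sample in the 2.4 /proc/modules layout.
sample_modules='ip_queue 6808 0 (unused)
ip_tables 11640 2 [iptable_filter]'
assess "2.4.19" "$sample_modules"
# On a live host: assess "$(uname -r)" "$(cat /proc/modules)"
```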