On Fri, Feb 18, 2005 at 12:17:47PM +0100, Djoume SALVETTI wrote: > Package: kernel-source-2.6.8 > Severity: normal > > > Good day, > > >From CAN-2005-0449 : > > | The netfilter/iptables module in Linux before 2.6.8.1 allows remote > | attackers to cause a denial of service (kernel crash) or bypass > | firewall rules via crafted packets, which are not properly handled by > | the skb_checksum_help function.
On Fri, Feb 18, 2005 at 12:24:28PM +0100, Djoume SALVETTI wrote: > Package: kernel-source-2.6.10 > Severity: normal > > > Good day, > > >From CAN-2005-0449 : > > | The netfilter/iptables module in Linux before 2.6.8.1 allows remote > | attackers to cause a denial of service (kernel crash) or bypass > | firewall rules via crafted packets, which are not properly handled by > | the skb_checksum_help function. > > More info is available here : > http://oss.sgi.com/archives/netdev/2005-01/msg01036.html > > I believe this CAN is bogus as 2.6.10 seems to be vulnerable. > > A patch from Herbet Xu is available here : > > http://oss.sgi.com/archives/netdev/2005-01/msg01072.html This change is for CAN-2005-209 AFIK. It has been added to SVN already. CAN-2005-0449 is a different problem and its patch seems to introduce an ABI change. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
