On Tue, Mar 22, 2005 at 10:44:11PM +0900, Horms wrote: > Hi, > > I would like to advise that kernel-source-2.4.27 is > vulnerable to CAN-2005-0449 and that the fix requires > an ABI change. This is the same situation as kernel-source-2.6.8, > and the patch is almost identical. > > CAN-2005-0449 is a remotely exploitable bug that allows > carefully crafted packets to cause the kernel to crash > by exploting a race in the fragmentation handling code. > > http://oss.sgi.com/archives/netdev/2005-01/msg01048.html > > For reference the fix can be found at > http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED] > > This changes the ABI by adding an extra argument to the > ip_defrag() and ip_ct_gather_frags() exported functions.
Minor update: ip_defrag() is introduced in 2.4.27-9, so ip_ct_gather_frags() is the only pre 2.4.27-9 symbol that is being changed. > The intention of this email is to advise the d-i team of this change > so a schedule for release can be discussed. I am happy to > ommit the the inclusion of the fix CAN-2005-0449 from the > next release of kernel-source-2.4.27, and delay its inclusion > as the d-i team recommends. > > At this stage, this is the only ABI change I have for kernel-source-2.4.27. > I will advise if this situation changes. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
