Al Smith wrote:
>
> I received this from one of my friends who use's SuSE 6.0 (another good OS). I
> think it needs to be addressed for the mandrake kernel.
>
> -Al
The fixed kernel is now available in the mirrors (check /updates/6.0 with
++)
It was previously in bero/fixes as announced yesteday.
Jacques
>
> ---------------------------------------------------------------------------
>
> Subject: [OSS] 2.2.x Security Announcement (fwd)
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> this applies to all who are using the 2.2.x kernel. up through 2.2.9.
> ciao, elmo
>
> --
>
> Elmo Recio; Philadelphia, PA 19103; USA
> Email: [EMAIL PROTECTED]
> Homepage: http://polywog.navpoint.com/~elmo
> Computer Science student at Drexel Univ
>
> Oracle Applications Development at OIT@TJU
> Linux Project Co-ordinator at OIT@TJU
>
> "Download something,
> useful or useless.
> Because i'm lying here wide to receive
> Almost anything you'd care to leave"
> -Morrissey (Wide To Receive)
>
> ---------- Forwarded message ----------
> From: Thomas Biege <[EMAIL PROTECTED]>
> Date: Fri, 4 Jun 1999 06:24:08 +0200 (MEST)
> Reply-To: [EMAIL PROTECTED]
> To: undisclosed-recipients: ;
> Subject: SuSE Security Announcement
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ______________________________________________________________________________
>
> SuSE Security Announcement
>
> Package: Linux kernel 2.2.x
> Date: Thu Jun 3 19:50:05 CEST 1999
> Affected: All Linux systems using kernel 2.2.x
>
> ______________________________________________________________________________
>
> A security hole were discovered in the package mentioned above.
> Please update as soon as possible or disable the service if you are using
> this software on your SuSE Linux installation(s).
>
> Other Linux distributions or operating systems might be affected as
> well, please contact your vendor for information about this issue.
>
> Please note, that that we provide this information on as "as-is" basis only.
> There is no warranty whatsoever and no liability for any direct, indirect or
> incidental damage arising from this information or the installation of
> the update package.
>
> ______________________________________________________________________________
>
> 1. Problem Description
>
> The Linux kernel 2.2.x doesn't correctly parse the IP options, which
> leads to kernel panic.
>
> 2. Impact
>
> Linux machines running kernel 2.2.x could be shut down over the network
> by sending malicious formated ICMP packets.
>
> 3. Solution
>
> Install the fixed kernel from our ftp server.
>
> ______________________________________________________________________________
>
> Here is the md5 checksum of the upgrade package, please verify these
> before installing the new package:
>
> d7da41803cde484fac910dc0eaa0a5df lx_suse-2.2.7.SuSE-3.i386.rpm
> c106a0465630260cfa4181c2c0e84ec4 linux-2.2.7.SuSE.tgz
> ______________________________________________________________________________
>
> You will find the updates on our ftp-Server:
>
> ftp://ftp.suse.com/pub/SuSE-Linux/suse_update/kernel/linux-2.2.7.SuSE.tgz
>
>ftp://ftp.suse.com/pub/SuSE-Linux/suse_update/suse61/d1/lx_suse-2.2.7.SuSE-3.i386.rpm
>
> Webpage for patches:
> http://www.suse.de/patches/index.html
>
> or try the following web pages for a list of mirrors:
>
> http://www.suse.de/ftp.html
> http://www.suse.com/ftp_new.html
>
> ______________________________________________________________________________
>
> SuSE has got two free security mailing list services to which any
> interested party may subscribe:
>
> [EMAIL PROTECTED] - unmoderated and for general/linux/SuSE
> security discussions. All SuSE security
> announcements are send to this list.
>
> [EMAIL PROTECTED] - SuSE's announce-only mailing list.
> Only SuSE's security annoucements are sent
> to this list.
>
> To subscribe, send an email to [EMAIL PROTECTED] with the text
>
> subscribe suse-security
> or
> subscribe suse-security-announce
>
> in the body of the message. Or just issue a
>
> echo subscribe suse-security | mail [EMAIL PROTECTED]
> or
> echo subscribe suse-security-announce | mail [EMAIL PROTECTED]
>
> ______________________________________________________________________________
>
> If you want to report *NEW* security bugs in the SuSE Linux Distribution
> please send an email to [EMAIL PROTECTED] or call our support line.
> You may use pgp with the public key below to ensure confidentiality.
> ______________________________________________________________________________
>
> This information is provided freely to everyone interested and may
> be redistributed provided that it is not altered in any way.
>
> Type Bits/KeyID Date User ID
> pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <[EMAIL PROTECTED]>
>
> - -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.3i
>
> mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
> BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
> JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
> 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
> P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
> cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
> VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
> yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
> tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
> xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
> Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
> choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
> BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
> v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
> x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
> Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
> MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
> saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
> L0oixF12Cg==
> =pIeS
> - -----END PGP PUBLIC KEY BLOCK-----
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
>
> iQEVAwUBN1dUQney5gA9JdPZAQHnWQf9EMvrfAlTBiq6kVl1ZYrHZJEI1F+CQY68
> baAOl6Du5YBbW4oIlTdY8W1an4m/BRMGfR3lTV/7N+o0Bd7kvmwg6n8e4HQmRJL/
> XWUQRATkMV3QCe24ACzvpATELf8KakDaxjpbSWPGwoslmeTg+1G1z1vH7423YOGG
> OymxfiPOselUZoU/x2nexRHi/TjlcAu4eAWJ59/PC4i0OMT3V1Hqb3eYfIHlikQz
> xMh/T3HeY8MNS+8JT0MlHVc+b8KdaZ5wA+f3KG4ot9yAeoqKjxK43I3JjkEAhvxg
> QrR99Fh5YBMUrieQ1Kkvpp1T3JdQi1Cf0NpgYx9kSZDO3fAD60lZww==
> =uBdV
> -----END PGP SIGNATURE-----
> --
> To unsubscribe from this list please send a mail to [EMAIL PROTECTED] with
> 'unsubscribe suse-security-announce' in its body.
