I quote from the forum (http://forums.gentoo.org/viewtopic.php?t=75555)
-- quote --
"The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions."

"The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports."

"A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)."

SOLUTION
It is recommended that all Gentoo Linux users who are running sys-kernel/gentoo-sources upgrade to gentoo-sources-2.4.20-r6 as follows
-- end quote --

Hope this helps.

On Mon, 2003-08-18 at 16:54, Chris Bare wrote:
> I just did an emerge -u --deep world. It did not list the gentoo-source
> as a package it would upgrade, but I happened to look at the messages
> streaming by and saw that it was installing 2.4.20-r6.
>
> I was kind-of surprised that I'd get a new kernel version so stealthily.
> qpkg shows I have r5 and r6 installed:
>
> # qpkg -I -v gentoo-source
> sys-kernel/gentoo-sources-2.4.20-r5 *
> sys-kernel/gentoo-sources-2.4.20-r6 *
>
> I have 2 questions.
> How would I have even known this got installed if I hadn't happened to
> see it scroll by?
>
> How do I find out what's in r6 to decide if I want to build/install/run
> it?
