[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 636-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 12th, 2005 http://www.debian.org/security/faq - -- Package: glibc Vulnerability : insecure temporary files Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0968 BugTraq ID : 11286 Debian Bug : 279680 278278 205600 Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack. For the stable distribution (woody) these problems have been fixed in version 2.2.5-11.8. For the unstable distribution (sid) these problems have been fixed in version 2.3.2.ds1-20. We recommend that you upgrade your libc6 package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.dsc Size/MD5 checksum: 1458 bc2b80a7f76bbf4243fa86f5245f5a50 http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.diff.gz Size/MD5 checksum: 399970 4e1576598f13f2a628b3eef2c9bcdc48 http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz Size/MD5 checksum: 11370961 bf5653fdff22ee350bd7d48047cffab9 Architecture independent components: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.8_all.deb Size/MD5 checksum: 2699182 c7a50fe321349d3593a8aa14a1a2c86a http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.8_all.deb Size/MD5 checksum: 3387990 8aaa9b854416e5a6e9b1a65b1bf7ea62 Alpha architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_alpha.deb Size/MD5 checksum: 4557986 2a37871e21fdb5a514d09110814d43b5 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_alpha.deb Size/MD5 checksum: 1351232 def6755e17e3bc9384f9fa2c0d568b55 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_alpha.deb Size/MD5 checksum: 2981066 41abb2fe30295e762110e4e065c9e188 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_alpha.deb Size/MD5 checksum: 1321546 f41b8bce8503579888203ac22c866344 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_alpha.deb Size/MD5 checksum: 1538778 526584f3262d17309a68b1c8fae6 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_alpha.deb Size/MD5 checksum:69866 b7135768c785f453a3027e811d8b ARM architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_arm.deb Size/MD5 checksum: 3686218 05ab21bcfd365fd6e56f6745eb0005fd http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_arm.deb Size/MD5 checksum: 2767406 c5d453caa9030ebf82023e3ded3ff844 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_arm.deb Size/MD5 checksum: 2863418 4bf8522f010cc826fd494e8deac0a504 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_arm.deb Size/MD5 checksum: 1182298 6197804eeb01e05a195b4360115cb19d http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_arm.deb Size/MD5 checksum: 1282776 557442af8531a7dccf5ed38865edfac1 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_arm.deb Size/MD5 checksum:59674 c191744f43225bc100f127267dbbd38b Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_i386.deb Size/MD5 checksum: 3383144 143978addc25816d4da0e850549a17fb http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_i386.deb Size/MD5 checksum: 2433964 efb2d99d347c2bd1f7a0904c1df18201 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_i386.deb Size/MD5 checksum: 2390882 78374bee4d59301db2ef508c44517260
Re: [SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
Joey, is exim-tls also affected? If yes, when can we expect an update. Many thanks, Rainer Am Mittwoch, 12. Januar 2005 08:47 schrieb Martin Schulze: -- Debian Security Advisory DSA 635-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 12th, 2005 http://www.debian.org/security/faq -- Package: exim Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-0021 Debian Bug : 289046 Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. For the stable distribution (woody) this problem has been fixed in version 3.35-1woody4. For the unstable distribution (sid) this problem has been fixed in version 3.36-13 of exim and 4.34-10 of exim4. We recommend that you upgrade your exim and exim4 packages. Upgrade Instructions wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody Source archives: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.dsc Size/MD5 checksum: 661 d97ecab579bd3dbaa3e9be00b8b16d85 http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.diff. gz Size/MD5 checksum:80195 a02abeefa9d1145ae623ad661aab5f5a http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a Alpha architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_alpha .deb Size/MD5 checksum: 872796 a46f5dc95d777366cb492eb57ec8dd9f http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_alp ha.deb Size/MD5 checksum:52318 bf93e35aec9f401d8413015c50f5cbae ARM architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_arm.d eb Size/MD5 checksum: 785980 5ced90e4c4ecd1ca6a60980634b309e8 http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_arm .deb Size/MD5 checksum:43514 07b7324395ff66f68db354c6b4589db7 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_i386. deb Size/MD5 checksum: 759270 9001a456b0a34f4bf5de88d901c70a97 http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_i38 6.deb Size/MD5 checksum:39210 78e5eecee7101a355ddabec9d0f07b98 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_ia64. deb Size/MD5 checksum: 972852 43f4fc30483d8ad5c42e031fd64a9e8d http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_ia6 4.deb Size/MD5 checksum:65166 cdc921d9be2ec60b5f0ed95a5b976732 HP Precision architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_hppa. deb Size/MD5 checksum: 815358 c506baffb4404f32762468fbc494551c http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_hpp a.deb Size/MD5 checksum:48294 d90efe5be79e966e07a7cbe8e9013939 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_m68k. deb Size/MD5 checksum: 737856 aefe6b63ebd03e9fe449afe22e752547 http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_m68 k.deb Size/MD5 checksum:37752 e0d2b938e50c3b408928b8150459ad2b Big endian MIPS architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mips. deb Size/MD5 checksum: 824458 0c1db679287a6de37f2c320f335c650c http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mip s.deb Size/MD5 checksum:48882 1670c36409482a8a870becf826f7ae68 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mipse l.deb Size/MD5 checksum: 824846 88564f1d1b0c1781587d5db1bccdde77 http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mip sel.deb Size/MD5 checksum:48778 6a7002c766a84dd81eed39d23f8709d5 PowerPC architecture: http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_power pc.deb Size/MD5 checksum: 794244 abfa2009cd6417101d120a5980641012 http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_pow erpc.deb
Re: Log file IDS package?
On Wed, Jan 12, 2005 at 04:57:41PM +1100, Andrew Pollock wrote: Hi, I've done some cursory apt-cache searching, and nothing's jumped out at me... Have you read this? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-log-alerts Logcheck is more or less the standard way of doing this in Debian although others like alternative logchecking tools. I've been meaning to look at btail (a bayesian log filter that could probably make it easier to generate the logcheck ignore patters, see http://www.vanheusden.com/btail/. Also LoGS (http://savannah.nongnu.org/projects/logs/) might be of interested (still in active development, looks promising) Note that the URL that the document points to (Counterpane's) is not current, it should be http://www.loganalysis.org/ (wonderful source of log analysis information maintained by Tina Bird, of Standfor University) This is actually fixed in the document source (CVS) but it has not yet propagated to the online version :-( I want to tarpit excessive SSH login failures. You might want to review the discussion on this we had at this same list, available at http://lists.debian.org/debian-security/2004/10/msg00118.html (I'm not sure the PAM module developed by Kevin is useful for you, but the thread has a lot of suggestions from many people, me includd). Check out also http://ethernet.org/~brian/src/timelox/ which might or might not do what you are looking for (found this while reading http://seclists.org/lists/incidents/2004/Dec/0039.html, which is also an interesting read) Hope that helps Javier signature.asc Description: Digital signature
Re: Log file IDS package?
On Wed, 2005-01-12 at 16:57 +1100, Andrew Pollock wrote: Hi, I've done some cursory apt-cache searching, and nothing's jumped out at me... Is there software in Debian that will do something along the lines of a tail -f of a given logfile, looking for supplied regexs and do custom actions on matches? I want to tarpit excessive SSH login failures. Are you talking about the recent (since July 27th 2004) brute force ssh attempts? The ones with NO_USER attached to them? things like this: Jan 10 23:52:45 knight sshd[12863]: Failed password for illegal user test from 220.75.202.225 port 35881 ssh2 Jan 10 23:52:51 knight sshd[12865]: Failed password for illegal user guest from 220.75.202.225 port 35973 ssh2 Jan 10 23:52:55 knight sshd[12867]: Failed password for admin from 220.75.202.225 port 36117 ssh2 Jan 10 23:52:57 knight sshd[12869]: Failed password for admin from 220.75.202.225 port 36212 ssh2 Jan 10 23:53:00 knight sshd[12871]: Failed password for illegal user user from 220.75.202.225 port 36284 ssh2 Jan 10 23:53:03 knight sshd[12873]: Failed password for root from 220.75.202.225 port 36367 ssh2 Jan 10 23:53:07 knight sshd[12882]: Failed password for root from 220.75.202.225 port 36457 ssh2 Jan 10 23:52:45 knight sshd[12863]: Illegal user test from 220.75.202.225 Jan 10 23:52:45 knight sshd[12863]: error: Could not get shadow information for NOUSER Jan 10 23:52:50 knight sshd[12865]: Illegal user guest from 220.75.202.225 Jan 10 23:52:51 knight sshd[12865]: error: Could not get shadow information for NOUSER Jan 10 23:53:00 knight sshd[12871]: Illegal user user from 220.75.202.225 Jan 10 23:53:00 knight sshd[12871]: error: Could not get shadow information for NOUSER Or something else? If it is that... well unless you are doing something stupid for passwords, you really shouldn't worry about it. This goes back to tarpit setups for mail... it won't stop them, just increase number of connections you'll have tied up, possibly DoS style. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part
CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Greetings, things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any signle DSA regarding the following issues: Can you please give me an overview: Which problems do affected kernel-source-2,4.18? - If so, what is the current status of the according DSA? Because of running an terminal-Server I'd like to know, what's going on at these issues. Thanks in advance, Keep smiling yanosz CAN-2005-0001 Linux kernel i386 SMP page fault handler privilege escalation: http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt (I'm not runnig SMP ;) CAN-2004-1235 Linux kernel uselib() privilege elevation http://isec.pl/vulnerabilities/isec-0021-uselib.txt (Sounds scary PoC Code is included, seems to be discussed here) CAN-2004-1137 Linux kernel IGMP vulnerabilities (Sounds really scary. Are we effected? Debian Woody seems to be uneffected, but what about sarge / sid?) http://isec.pl/vulnerabilities/isec-0018-igmp.txt CAN-2004-1016 Linux kernel scm_send local DoS http://isec.pl/vulnerabilities/isec-0019-scm.txt Georgi Guninski security advisory #72, 2004 Fun with the linux kernel (2.6,2.4) http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html grsecurity 2.1.0 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0070.html gives on scary / FUD-ish view on the linux kernel. Without discussing their thesis in detail, are patches available? Is kernel-source-2.4.18 affected? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Jan Lhr wrote: Greetings, things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any signle DSA regarding the following issues: Can you please give me an overview: Which problems do affected kernel-source-2,4.18? - If so, what is the current status of the according DSA? Because of running an terminal-Server I'd like to know, what's going on at these issues. Add CAN-2004-0554 as well--bug #261521 has been open against kernel-image-2.4.18-1-i386 (but not against kernel-image-2.4.18-i386) since July wish no updates. I believe someone posted here a few months ago asking about the bug, and was told that updates were being prepared--but that has not yet happened. :( Thanks in advance, Keep smiling yanosz -- Regards, Sam Morris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
UNSUBSCRIBE
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Jan Lühr wrote: things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any signle DSA regarding the following issues: Can you please give me an overview: Which problems do affected kernel-source-2,4.18? - If so, what is the current status of the according DSA? I'm afraid that I can only tell you the status of 2.6.8 and 2.4.27 in unstable/testing. AFAIK there have not been DSAs for any of these to fix stable, and I don't know which ones really affect stable. Probably most of them. Some of the information below may be incorrect, the kernel team knows better than I. CAN-2005-0001 Linux kernel i386 SMP page fault handler privilege escalation: http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt (I'm not runnig SMP ;) The kernel team are aware of it, I expect a fix will be uploaded soon for unstable. CAN-2004-1235 Linux kernel uselib() privilege elevation http://isec.pl/vulnerabilities/isec-0021-uselib.txt (Sounds scary PoC Code is included, seems to be discussed here) Fixed in kernel-source-2.6.8 2.6.9-5 and kernel-source-2.4.27 2.4.27-8 (which should be released today or so), and the kernel-image packages indirectly built from them. CAN-2004-1137 Linux kernel IGMP vulnerabilities (Sounds really scary. Are we effected? Debian Woody seems to be uneffected, but what about sarge / sid?) http://isec.pl/vulnerabilities/isec-0018-igmp.txt Fixed in kernel-source-2.4.27 2.4.27-7. CAN-2004-1016 Linux kernel scm_send local DoS http://isec.pl/vulnerabilities/isec-0019-scm.txt Also fixed in kernel-source-2.4.27 2.4.27-7. Georgi Guninski security advisory #72, 2004 Fun with the linux kernel (2.6,2.4) http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html This is CAN-2004-1333 and was fixed in kernel-source-2.6.8 2.6.8-11. AFAIK 2.4 is not yet fixed. grsecurity 2.1.0 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0070.html gives on scary / FUD-ish view on the linux kernel. Without discussing their thesis in detail, are patches available? Is kernel-source-2.4.18 affected? I don't think CANs have yet been assigned for those holes. A few others you left out: CAN-2004-1337 Apparently only affects 2.6, we're not very vulnerable since the module is loaded by the initrd. Not yet fixed. CAN-2004-1335 Fixed in kernel-source-2.6.8. 2.4 is not fixed. CAN-2004-1234 Does not affect sarge since we have a kernel 2.4.25. CAN-2004-1191 Should not affect our 2.4 kernel since it was fixed in 2.4.27. Probably our 2.6.8 kernel is vulnerable. CAN-2004-1190 Could be SuSE specific, unclear and not enough info. CAN-2004-1151 My notes indicate that this was fixed in svn at some point, but I can't find the fix now. CAN-2004-1144 Amd64 specific, don't know if we're vulnerable. CAN-2004-1074 Fixed in kernel-source-2.6.8 2.6.8-11, kernel-source-2.4.27 2.4.27-7, and te binary packages uild from them. CAN-2004-1073 CAN-2004-1072 CAN-2004-1071 CAN-2004-1070 2.6.8 and 2.4.27 are not vulnerable to these. CAN-2004-1069 Only affects 2.6. Fixed in kernel-source-2.6.8 2.6.8-11. CAN-2004-1068 Fixed in kernel-source-2.4.27 2.4.27-7, kernel-source-2.6.8 2.6.8-11. CAN-2004-1058 AFAIK it's unfixed. CAN-2004-1056 Fixed in kernel-source-2.4.27 2.4.27-8 (not yet released), kernel-source-2.6.8 2.6.8-11. CAN-2004-1017 Unknown. CAN-2004-1016 Fixed in kernel-image-2.4.27-i386 2.4.27-7. CAN-2004-0949 Fixed in 2.4.27, but 2.6.8 may still be vulnerable. CAN-2004-0887 s390 specific. Fixed in linux-kernel-image-2.6.8-s390 2.6.8-3, kernel-source-2.6.8 2.6.8-10 CAN-2004-0883 Unknown. CAN-2004-0814 Fixed in kernel-source-2.6.8 2.6.8-8, kernel-source-2.4.27 2.4.27-7 CAN-2004-0813 Fixed in recent 2.6 and 2.4 kernels. CAN-2004-0685 Unknown. CAN-2004-0596 Unknown. CAN-2003-0465 May be unfixed in our 2.4.27 kernel on some arches (bug #280492) i386 and ppc32 are ok. 2.6 fixed. -- see shy jo, wondering when the kernel security silly season closes signature.asc Description: Digital signature
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Greetings, Am Mittwoch, 12. Januar 2005 18:27 schrieb Sam Morris: Jan Lhr wrote: Greetings, things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any signle DSA regarding the following issues: Can you please give me an overview: Which problems do affected kernel-source-2,4.18? - If so, what is the current status of the according DSA? Because of running an terminal-Server I'd like to know, what's going on at these issues. Add CAN-2004-0554 as well--bug #261521 has been open against kernel-image-2.4.18-1-i386 (but not against kernel-image-2.4.18-i386) since July wish no updates. Uhoh. I tend to use 4-letter words, but this would be highly inappropriate. If it's true, can someone from the official security / kernel team post an official statement on this issue, please? It was scared, when I saw a CAN Id from 1999 in 2004 when a squid bug was fixed, but this quite serious. But anyway, it's not my point to critize the work of the teams. I don't know how to fix it, I don't the reasons for not fixing it already. @who-ever-is-in-charge-with this. Please state your reasons and give a view on comming DSAs. I believe someone posted here a few months ago asking about the bug, and was told that updates were being prepared--but that has not yet happened. :( Release Sarge! - and I will switch to testing using the freebsd kernel. Hopefully, things are not that mad then :-( keep smiling yanosz
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Greetings, Am Mittwoch, 12. Januar 2005 20:32 schrieb Joey Hess: Jan Lühr wrote: things seem to be in a rush right now, and I'm looking for a little overview. In the past 1-2 months several kernel exploits rushed through the news that might / can / probably will affect debian stable. However, I haven't seen any signle DSA regarding the following issues: Can you please give me an overview: Which problems do affected kernel-source-2,4.18? - If so, what is the current status of the according DSA? I'm afraid that I can only tell you the status of 2.6.8 and 2.4.27 in unstable/testing. AFAIK there have not been DSAs for any of these to fix stable, and I don't know which ones really affect stable. Probably most of them. Some of the information below may be incorrect, the kernel team knows better than I. (...) Interesting and helpful information not quoted for better reading. A few others you left out: Thanks for your help, the topic is quite wide-spreded, and I'm a part time network administrator.. Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of 2.4.18 from woody? CAN-2004-1337 Apparently only affects 2.6, we're not very vulnerable since the module is loaded by the initrd. Not yet fixed. CAN-2004-1335 Fixed in kernel-source-2.6.8. 2.4 is not fixed. CAN-2004-1234 Does not affect sarge since we have a kernel 2.4.25. CAN-2004-1191 Should not affect our 2.4 kernel since it was fixed in 2.4.27. Probably our 2.6.8 kernel is vulnerable. CAN-2004-1190 Could be SuSE specific, unclear and not enough info. CAN-2004-1151 My notes indicate that this was fixed in svn at some point, but I can't find the fix now. CAN-2004-1144 Amd64 specific, don't know if we're vulnerable. CAN-2004-1074 Fixed in kernel-source-2.6.8 2.6.8-11, kernel-source-2.4.27 2.4.27-7, and te binary packages uild from them. CAN-2004-1073 CAN-2004-1072 CAN-2004-1071 CAN-2004-1070 2.6.8 and 2.4.27 are not vulnerable to these. CAN-2004-1069 Only affects 2.6. Fixed in kernel-source-2.6.8 2.6.8-11. CAN-2004-1068 Fixed in kernel-source-2.4.27 2.4.27-7, kernel-source-2.6.8 2.6.8-11. CAN-2004-1058 AFAIK it's unfixed. CAN-2004-1056 Fixed in kernel-source-2.4.27 2.4.27-8 (not yet released), kernel-source-2.6.8 2.6.8-11. CAN-2004-1017 Unknown. CAN-2004-1016 Fixed in kernel-image-2.4.27-i386 2.4.27-7. CAN-2004-0949 Fixed in 2.4.27, but 2.6.8 may still be vulnerable. CAN-2004-0887 s390 specific. Fixed in linux-kernel-image-2.6.8-s390 2.6.8-3, kernel-source-2.6.8 2.6.8-10 CAN-2004-0883 Unknown. CAN-2004-0814 Fixed in kernel-source-2.6.8 2.6.8-8, kernel-source-2.4.27 2.4.27-7 CAN-2004-0813 Fixed in recent 2.6 and 2.4 kernels. CAN-2004-0685 Unknown. CAN-2004-0596 Unknown. CAN-2003-0465 May be unfixed in our 2.4.27 kernel on some arches (bug #280492) i386 and ppc32 are ok. 2.6 fixed. Thanks for your help. I'll look for information on this tomorrow. Is all information available, (as far as I need 'em to check whether it concerns me) or is it kept under disclosure? Keep smiling yanosz