On Fri, 2006-02-10 at 14:55 +0100, Trustix Security Advisor wrote: > kernel < TSL 3.0 > < TSL 2.2 > < TSEL 2 > > - SECURITY Fix: Linux kernel before 2.6.15.3 down to 2.6.12, while > constructing an ICMP response, does not properly handle when the > ip_options_echo function in icmp.c fails, which allows remote attackers > to cause a denial of service (crash) via vectors such as (1) record-route > and (2) timestamp IP options with the needaddr bit set and a truncated > value. > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CVE-2006-0454 to this issue. > > - SECURITY Fix: Linus Torvalds: Fix outstanding gzip/zlib security issues. > - SECURITY Fix: Disallows local users to write to privileged IO ports > via OUTS instruction isofs driver ignore parameters. > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CVE-2005-0204 to this issue. > > e08674bf01458204ab539f66f53d75ad > 3.0/rpms/kernel-2.6.15.3-1tr.i586.rpmi586.rpm > 8eb35f0a3bab09ce3a65144133ef56ac 3.0/rpms/kernel-smp-2.6.15.3-1tr.i586.rpm
> 367716e7f9dc6ce54eda75325a490821 2.2/rpms/kernel-2.4.32-1tr.i586.rpm > 1a717277e2473be23c73be9c9451dc10 2.2/rpms/kernel-smp-2.4.32-1tr.i586.rpm Is there a typo in the above? The first section's header says that tsl-2.2 and tsl-3.0 are affected, but the description says only kernel-2.6, which doesn't apply to tsl-2.2, but there are updates for tsl-2.2 as a kernel-2.4 anyway? -- Andy Bakun <[EMAIL PROTECTED]> _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
