Get the LinuxSecurity news you want faster with RSS
Powered By
Gentoo: multiple vulnerabilities
Posted by LinuxSecurity.com Team
There are multiple vulnerabilities in Gentoo Linux source tree.
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200308-01
- - - ---------------------------------------------------------------------
PACKAGE : gentoo-sources
SUMMARY : multiple vulnerabilities
DATE : 2003-08-14 12:16 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =gentoo-sources-2.4.20-r6
CVE : CAN-2003-0244 CAN-2003-0246 CAN-2003-0462
- - - ---------------------------------------------------------------------
- - quotes from CVE:
"The route cache implementation in Linux 2.4, and the Netfilter IP
conntrack module, allows remote attackers to cause a denial of service
(CPU consumption) via packets with forged source addresses that cause a
large number of hash table collisions."
"The ioperm system call in Linux kernel 2.4.20 and earlier does not
properly restrict privileges, which allows local users to gain read or
write access to certain I/O ports."
"A race condition in the way env_start and env_end pointers are
initialized in the execve system call and used in fs/proc/base.c on
Linux 2.4 allows local users to cause a denial of service (crash)."
SOLUTION
It is recommended that all Gentoo Linux users who are running
sys-kernel/gentoo-sources upgrade to gentoo-sources-2.4.20-r6 as follows
emerge sync
emerge gentoo-sources
emerge clean
After that, compile, install and reboot your computer to complete
the upgrade.
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
