Hi,
In SuSE Security Announcement: kernel (SuSE-SA:2003:034) there is a list of fixes for the 2.4 kernel. Unfortunately, the descriptions of the different problems are very short and no CVE or Cert references are added :-/
I'm wondering whether the following two problems are security related, or actually just bugs:
-fix problem with ecc reporting garbage in /proc/ram -fix console redirect bug
Does anyone have any idea of what is actually the problem and what the security impact would be?
Both of them are only very loosely security-related. They have been mentioned in the description for completeness and for some people who have asked us to fix these bugs. This way they can easily see that the issues have been addressed.
Thanks, Roman.
There are issues mentioned @ netfilter.org for 2.4.20 kernels: http://www.netfilter.org/security/2003-08-01-nat-sack.html http://www.netfilter.org/security/2003-08-01-listadd.html The first issue is with NAT (in use for routers with dsl), the second one with connection tracking (in use for simple or complex firewallscripts). With both issues you can crash a server, the connection tracking issue is the bigger problem, because many firewallscripts use this one! For further information you have to search here: http://www.securityfocus.com/ http://www.securiteam.com/ http://www.cert.org/ Philippe