netfilter: SECURITY ALERT FROM NETFILTER TEAM

cerb · Tux's lil' helper Joined: 28 Jun 2002 Posts: 89

the netfilter team has released two warnings about severe security issues with conn-tracking and NAT:

http://netfilter.org/security/2003-08-01-listadd.html

http://netfilter.org/security/2003-08-01-nat-sack.html

these only affect kernel 2.4.20 - and since 2.4.20-gentoo-r5 was around for a long time, i am wondering if the fixes (known to exist for months as it seems) have been implemented yet? or will there be a 2.4.21-gentoo-rsomething ebuild soon?

-c
_________________
Linux is a wigwam - no Windows, no Gates, Apache inside :-)

cerb · Tux's lil' helper Joined: 28 Jun 2002 Posts: 89

doesn't this affect *anybody* ?
_________________
Linux is a wigwam - no Windows, no Gates, Apache inside :-)

patrickfo · Posted: Tue Aug 05, 2003 11:58 am Post subject: patch certainly applied

i you download the proposed patch from the first link and try to apply it with patch --dry-run you will see that it is applied on gentoo-sources
patrick

cerb · Tux's lil' helper Joined: 28 Jun 2002 Posts: 89

thanks
_________________
Linux is a wigwam - no Windows, no Gates, Apache inside :-)

Simba · n00b Joined: 08 Nov 2002 Posts: 60

But my last kernel xfs-sources vers. 2.4.20-r3 still doesn't have this patch!

(

patrickfo · Posted: Wed Aug 06, 2003 4:27 pm Post subject: arghh!!!

you can cut and paste the patch to a file, say netfilter.patch...
then do :
cd /usr/src/linux
cat netfilter.patch | patch -p1 -E --dry-run
and if all is ok ( no errors founds...), you re do it without the --dry-run option
and then rebuild your kernel...
good-luck
patrick