Secunia

Description

Debian has issued updated packages for the kernel. These fix multiple vulnerabilities, which are listed below.

1) The iBCS routines in Linux kernels 2.4.18 and earlier on x86 systems allow malicious, local users to kill arbitrary processes.

2) Many ethernet NIC (Network Interface Card) device drivers pad frames with content from previous packets or kernel memory instead of using NULL-bytes. This may be exploited by malicious people to obtain potentially sensitive information by sending specially crafted packets to a vulnerable system.

3) An error in ptrace can be exploited by malicious, local users to escalate their privileges to "root" on a vulnerable system.

4) An error in the way that the Linux Kernel handles caching of routing information can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system.

5) An error in the "ioperm" system call can allow unprivileged, local users to gain read and write access to I/O ports in the I/O address range 0x000-0x3FF (0-1023) on a system, which includes access to serial ports, parallel port, diskette drive controller, graphics controller, and keyboard.

6) An unspecified error in the TTY layer allows malicious people to cause a DoS.

7) An error in the "mxcsr" code allows manipulation of CPU state registers.

8) An error in the TCP/IP fragment reassembly handling, which allows malicious people to cause many hash table collisions leading to a DoS.


For more information:
http://secunia.com/advisories/8337/
http://secunia.com/advisories/8786/
http://secunia.com/advisories/8823/
http://secunia.com/advisories/8936/

Solution
Debian has released updated packages for the i386 (Intel IA32) architectures.
Further details available in Customer Area

Original Advisory
http://www.debian.org/security/2003/dsa-311

Deep Links
Links available in Customer Area