The IA-64 maintainers fixed several security-related bugs in the Linux
kernel 2.4.17 used for the IA-64 architecture, mostly by backporting
fixes from 2.4.18. The corrections are listed below with the
identification from the Common Vulnerabilities and Exposures (CVE)
project:

CAN-2003-0001:
Multiple Ethernet network interface card (NIC) device drivers do
not pad frames with null bytes, which allows remote attackers to
obtain information from previous packets or kernel memory by using
malformed packets, as demonstrated by Etherleak.

CAN-2003-0018:
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle
the O_DIRECT feature, which allows local attackers with write
privileges to read portions of previously deleted files, or cause
file system corruption.

CAN-2003-0127:
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and
2.4.x before 2.4.21, allows local users to gain root privileges
by using ptrace to attach to a child process which is s...
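
The padding flaw described under CAN-2003-0001, shown as a user-space model beside its corrected form. This is an added example, not code from the advisory or from any kernel driver; `tx_buf`, the function names and the 0xAA/0x11 sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_ZLEN      60    /* minimum frame length on the wire, without FCS */
#define ETH_FRAME_LEN 1514  /* maximum frame length, without FCS */
/* Hypothetical stand-in for a driver's reused transmit buffer. */
struct tx_buf { uint8_t data[ETH_FRAME_LEN]; size_t len; };
/* Pre-fix pattern: length is rounded up, pad bytes keep old buffer content. */
static void tx_prepare_leaky(struct tx_buf *tx, const uint8_t *frame, size_t n)
{
    if (n > ETH_FRAME_LEN) n = ETH_FRAME_LEN;
    memcpy(tx->data, frame, n);
    tx->len = n < ETH_ZLEN ? ETH_ZLEN : n;
}

/* Fixed pattern: the pad region is explicitly filled with null bytes. */
static void tx_prepare_padded(struct tx_buf *tx, const uint8_t *frame, size_t n)
{
    if (n > ETH_FRAME_LEN) n = ETH_FRAME_LEN;
    memcpy(tx->data, frame, n);
    if (n < ETH_ZLEN) memset(tx->data + n, 0, ETH_ZLEN - n);
    tx->len = n < ETH_ZLEN ? ETH_ZLEN : n;
}

/* Regression check: count pad bytes after the payload that are not null. */
static size_t nonzero_pad_bytes(const struct tx_buf *tx, size_t payload_len)
{
    size_t i, count = 0;
    for (i = payload_len; i < tx->len; i++)
        count += tx->data[i] != 0;
    return count;
}

/* Constructed scenario: buffer holds an earlier frame, a 42-byte frame follows. */
static size_t stale_bytes_sent(int use_fix)
{
    static struct tx_buf tx;
    uint8_t frame[42];
    memset(tx.data, 0xAA, sizeof tx.data);   /* leftover from a previous packet */
    memset(frame, 0x11, sizeof frame);       /* the new, short frame */
    (use_fix ? tx_prepare_padded : tx_prepare_leaky)(&tx, frame, sizeof frame);
    return nonzero_pad_bytes(&tx, sizeof frame);
}

int main(void)
{
    printf("leaky: %zu, fixed: %zu\n", stale_bytes_sent(0), stale_bytes_sent(1));
    return 0;
}
```

The same non-null-padding check applies to short frames in a packet capture taken from a host whose driver has not been updated.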