The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow malicious users to cause a denial of service.
The IA-64 maintainers fixed several security related bugs in the Linux
kernel 2417 used for the IA-64 architecture, mostly by backporting
fixes from 2418 The corrections are listed below with the
identification from the Common Vulnerabilities and Exposures (CVE)
project:
CAN-2003-0001:
Multiple ethernet network interface card (NIC) device ...
A number of vulnerabilities have been discovered in the Linux kernel
CAN-2003-0461: /proc/tty/driver/serial in Linux 24x reveals the
exact number of characters used in serial links, which could allow
local users to obtain potentially sensitive information such as the
length of passwords This bug has been fixed by restricting access
to ...