Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Debian 4.0 DSA 1289-1 Critical: DoS Risks in Linux Kernel 2.6.18

debian
Calendar Grey May 13, 2007
Debian Logo
Update Debian kernel 2.6.18 to patch several security flaws, mitigating potential DoS threats.
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code

Summary


Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
A remote attacker can cause a NULL pointer dereference in the
nfnetlink_log function.


CVE-2007-1497

Patrick McHardy reported an vulnerability in netfilter that may
allow attackers to bypass certain firewall rules. The nfctinfo
value of reassembled IPv6 packet fragments were incorrectly initalized
to 0 which allowed these packets to become tracked as ESTABLISHED.

CVE-2007-1861

Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were
incorrectly routed back to the kernel resulting in an infinite
recursion condition. Local users can exploit this behavior
to cause a DoS (crash).

This problem has been fixed in the stable distribution in version
2.6.18.dfsg.1-12etch2.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here