Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
A remote attacker can cause a NULL pointer dereference in the
nfnetlink_log function.
CVE-2007-1497
Patrick McHardy reported an vulnerability in netfilter that may
allow attackers to bypass certain firewall rules. The nfctinfo
value of reassembled IPv6 packet fragments were incorrectly initalized
to 0 which allowed these packets to become tracked as ESTABLISHED.
CVE-2007-1861
Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were
incorrectly routed back to the kernel resulting in an infinite
recursion condition. Local users can exploit this behavior
to cause a DoS (crash).
This problem has been fixed in the stable distribution in version
2.6.18.dfsg.1-12etch2.
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 4.0 (etch)
fai-kernels ...
Get the latest Linux and open source security news straight to your inbox.