Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Scientific Linux: Important Kernel Security Fix for SL5.x Denial of Service

Calendar May 21, 2007 User Avatar LinuxSecurity Advisories
4 - 7 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service security update bug fix kernel security Scientific Linux network amplification
Important: kernel security and bug fix update 
Date: Mon, 21 May 2007 16:00:47 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for kernel on SL5.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis:	Important: kernel security and bug fix update
Issue date:	2007-05-16
CVE Names:	CVE-2007-1496 CVE-2007-1497 CVE-2007-1592
		CVE-2007-1861 CVE-2007-2172 CVE-2007-2242

These new kernel packages contain fixes for the following security issues:

* a flaw in the handling of IPv6 type 0 routing headers that allowed
remote users to cause a denial of service that led to a network
amplification between two routers (CVE-2007-2242, Important).

* a flaw in the nfnetlink_log netfilter module that allowed a local user
to cause a denial of service (CVE-2007-1496, Important).

* a flaw in the flow list of listening IPv6 sockets that allowed a local
user to cause a denial of service (CVE-2007-1592, Important).

* a flaw in the handling of netlink messages that allowed a local user
to cause a denial of service (infinite recursion) (CVE-2007-1861,
Important).

* a flaw in the IPv4 forwarding base that allowed a local user to cause
an out-of-bounds access (CVE-2007-2172, Important).

* a flaw in the nf_conntrack netfilter module for IPv6 that allowed
remote users to bypass certain netfilter rules using IPv6 fragments
(CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the
following have been included:

* a regression in ipv6 routing.

* an error in memory initialization that caused gdb to output inaccurate
backtraces on ia64.

* the nmi watchdog timeout was updated from 5 to 30 seconds.

* a flaw in distributed lock management that could result in errors
during virtual machine migration.

* an omitted include in kernel-headers that led to compile failures for
some packages.

 SRPMS:
	kernel-2.6.18-8.1.4.el5.src.rpm

 i386:
	kernel-2.6.18-8.1.4.el5.i686.rpm
	kernel-devel-2.6.18-8.1.4.el5.i686.rpm
	kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
	kernel-headers-2.6.18-8.1.4.el5.i386.rpm
	kernel-PAE-2.6.18-8.1.4.el5.i686.rpm
	kernel-PAE-devel-2.6.18-8.1.4.el5.i686.rpm
	kernel-xen-2.6.18-8.1.4.el5.i686.rpm
	kernel-xen-devel-2.6.18-8.1.4.el5.i686.rpm
 Dependancies:
 kernel-module-fuse-2.6.18-8.1.4.el5-2.6.3-1.el5.i686.rpm
 kernel-module-fuse-2.6.18-8.1.4.el5PAE-2.6.3-1.el5.i686.rpm
 kernel-module-fuse-2.6.18-8.1.4.el5xen-2.6.3-1.el5.i686.rpm
 kernel-module-ipw3945-2.6.18-8.1.4.el5-1.2.0-1.sl5.i686.rpm
 kernel-module-ipw3945-2.6.18-8.1.4.el5PAE-1.2.0-1.sl5.i686.rpm
 kernel-module-ipw3945-2.6.18-8.1.4.el5xen-1.2.0-1.sl5.i686.rpm
 kernel-module-madwifi-2.6.18-8.1.4.el5-0.9.3-10.sl5.i686.rpm
 kernel-module-madwifi-2.6.18-8.1.4.el5PAE-0.9.3-10.sl5.i686.rpm
 kernel-module-madwifi-2.6.18-8.1.4.el5xen-0.9.3-10.sl5.i686.rpm
 kernel-module-madwifi-hal-2.6.18-8.1.4.el5-0.9.3-10.sl5.i686.rpm
 kernel-module-madwifi-hal-2.6.18-8.1.4.el5PAE-0.9.3-10.sl5.i686.rpm
 kernel-module-madwifi-hal-2.6.18-8.1.4.el5xen-0.9.3-10.sl5.i686.rpm
 kernel-module-ndiswrapper-2.6.18-8.1.4.el5-1.41-1.SL.i686.rpm
 kernel-module-ndiswrapper-2.6.18-8.1.4.el5PAE-1.41-1.SL.i686.rpm
 kernel-module-ndiswrapper-2.6.18-8.1.4.el5xen-1.41-1.SL.i686.rpm
 kernel-module-openafs-2.6.18-8.1.4.el5-1.4.4-42.SL5.i686.rpm
 kernel-module-openafs-2.6.18-8.1.4.el5PAE-1.4.4-42.SL5.i686.rpm
 kernel-module-openafs-2.6.18-8.1.4.el5xen-1.4.4-42.SL5.i686.rpm
 kernel-module-r1000-2.6.18-8.1.4.el5-1.05-1.sl.i686.rpm
 kernel-module-r1000-2.6.18-8.1.4.el5PAE-1.05-1.sl.i686.rpm
 kernel-module-r1000-2.6.18-8.1.4.el5xen-1.05-1.sl.i686.rpm
 kmod-gfs-0.1.16-5.2.6.18_8.1.4.el5.i686.rpm
 kmod-gfs-PAE-0.1.16-5.2.6.18_8.1.4.el5.i686.rpm
 kmod-gfs-xen-0.1.16-5.2.6.18_8.1.4.el5.i686.rpm
 kmod-gnbd-0.1.3-4.2.6.18_8.1.4.el5.i686.rpm
 kmod-gnbd-PAE-0.1.3-4.2.6.18_8.1.4.el5.i686.rpm
 kmod-gnbd-xen-0.1.3-4.2.6.18_8.1.4.el5.i686.rpm

 x86_64:
	kernel-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-debuginfo-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-debuginfo-common-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-devel-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-headers-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-xen-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-xen-debuginfo-2.6.18-8.1.4.el5.x86_64.rpm
	kernel-xen-devel-2.6.18-8.1.4.el5.x86_64.rpm
 Dependancies:
 kernel-module-fuse-2.6.18-8.1.4.el5-2.6.3-1.sl5.x86_64.rpm
 kernel-module-fuse-2.6.18-8.1.4.el5xen-2.6.3-1.sl5.x86_64.rpm
 kernel-module-ipw3945-2.6.18-8.1.4.el5-1.2.0-1.sl5.x86_64.rpm
 kernel-module-ipw3945-2.6.18-8.1.4.el5xen-1.2.0-1.sl5.x86_64.rpm
 kernel-module-madwifi-2.6.18-8.1.4.el5-0.9.3-10.sl5.x86_64.rpm
 kernel-module-madwifi-2.6.18-8.1.4.el5xen-0.9.3-10.sl5.x86_64.rpm
 kernel-module-madwifi-hal-2.6.18-8.1.4.el5-0.9.3-10.sl5.x86_64.rpm
 kernel-module-madwifi-hal-2.6.18-8.1.4.el5xen-0.9.3-10.sl5.x86_64.rpm
 kernel-module-ndiswrapper-2.6.18-8.1.4.el5-1.41-1.SL.x86_64.rpm
 kernel-module-ndiswrapper-2.6.18-8.1.4.el5xen-1.41-1.SL.x86_64.rpm
 kernel-module-openafs-2.6.18-8.1.4.el5-1.4.4-42.SL5.x86_64.rpm
 kernel-module-openafs-2.6.18-8.1.4.el5xen-1.4.4-42.SL5.x86_64.rpm
 kernel-module-r1000-2.6.18-8.1.4.el5-1.05-1.sl.x86_64.rpm
 kernel-module-r1000-2.6.18-8.1.4.el5xen-1.05-1.sl.x86_64.rpm
 kmod-gfs-0.1.16-5.2.6.18_8.1.4.el5.x86_64.rpm
 kmod-gfs-xen-0.1.16-5.2.6.18_8.1.4.el5.x86_64.rpm
 kmod-gnbd-0.1.3-4.2.6.18_8.1.4.el5.x86_64.rpm
 kmod-gnbd-xen-0.1.3-4.2.6.18_8.1.4.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
Your message here