Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0140
HistoryJan 19, 2006 - 10:25 p.m.

kernel security update

2006-01-1922:25:06
CentOS Project
lists.centos.org
63

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.055 Low

EPSS

Percentile

93.1%

JSON

CentOS Errata and Security Advisory CESA-2006:0140

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

  • a flaw in network IGMP processing that a allowed a remote user on the
    local network to cause a denial of service (disabling of multicast reports)
    if the system is running multicast applications (CVE-2002-2185, moderate)

  • a flaw in remap_page_range() with O_DIRECT writes that allowed a local
    user to cause a denial of service (crash) (CVE-2004-1057, important)

  • a flaw in exec() handling on some 64-bit architectures that allowed
    a local user to cause a denial of service (crash) (CVE-2005-2708, important)

  • a flaw in procfs handling during unloading of modules that allowed a
    local user to cause a denial of service or potentially gain privileges
    (CVE-2005-2709, moderate)

  • a flaw in IPv6 network UDP port hash table lookups that allowed a local
    user to cause a denial of service (hang) (CVE-2005-2973, important)

  • a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
    a local user to cause a denial of service (crash) (CVE-2005-3044, important)

  • a network buffer info leak using the orinoco driver that allowed
    a remote user to possibly view uninitialized data (CVE-2005-3180, important)

  • a flaw in IPv4 network TCP and UDP netfilter handling that allowed
    a local user to cause a denial of service (crash) (CVE-2005-3275, important)

  • a flaw in the IPv6 flowlabel code that allowed a local user to cause a
    denial of service (crash) (CVE-2005-3806, important)

  • a flaw in network ICMP processing that allowed a local user to cause
    a denial of service (memory exhaustion) (CVE-2005-3848, important)

  • a flaw in file lease time-out handling that allowed a local user to cause
    a denial of service (log file overflow) (CVE-2005-3857, moderate)

  • a flaw in network IPv6 xfrm handling that allowed a local user to
    cause a denial of service (memory exhaustion) (CVE-2005-3858, important)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-January/074751.html
https://lists.centos.org/pipermail/centos-announce/2006-January/074752.html
https://lists.centos.org/pipermail/centos-announce/2006-January/074755.html
https://lists.centos.org/pipermail/centos-announce/2006-January/074763.html

Affected packages:
kernel
kernel-BOOT
kernel-doc
kernel-hugemem
kernel-hugemem-unsupported
kernel-smp
kernel-smp-unsupported
kernel-source
kernel-unsupported

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0140

OSVersionArchitecturePackageVersionFilename
CentOS3i586kernel<Β 2.4.21-37.0.1.ELkernel-2.4.21-37.0.1.EL.i586.rpm
CentOS3i686kernel<Β 2.4.21-37.0.1.ELkernel-2.4.21-37.0.1.EL.i686.rpm
CentOS3i386kernel-boot<Β 2.4.21-37.0.1.ELkernel-BOOT-2.4.21-37.0.1.EL.i386.rpm
CentOS3i386kernel-doc<Β 2.4.21-37.0.1.ELkernel-doc-2.4.21-37.0.1.EL.i386.rpm
CentOS3i686kernel-hugemem<Β 2.4.21-37.0.1.ELkernel-hugemem-2.4.21-37.0.1.EL.i686.rpm
CentOS3i686kernel-hugemem-unsupported<Β 2.4.21-37.0.1.ELkernel-hugemem-unsupported-2.4.21-37.0.1.EL.i686.rpm
CentOS3i686kernel-smp<Β 2.4.21-37.0.1.ELkernel-smp-2.4.21-37.0.1.EL.i686.rpm
CentOS3i686kernel-smp-unsupported<Β 2.4.21-37.0.1.ELkernel-smp-unsupported-2.4.21-37.0.1.EL.i686.rpm
CentOS3i386kernel-source<Β 2.4.21-37.0.1.ELkernel-source-2.4.21-37.0.1.EL.i386.rpm
CentOS3i586kernel-unsupported<Β 2.4.21-37.0.1.ELkernel-unsupported-2.4.21-37.0.1.EL.i586.rpm
Rows per page:
1-10 of 351

Related

nessus 30
redhat 9
centos 5
debian 9
openvas 14
osv 4
ubuntu 3
suse 3
cve 14
seebug 5
ubuntucve 11
exploitpack 2
exploitdb 2
prion 1
securityvulns 4
nessus
nessus
CentOS 3 : kernel (CESA-2006:0140)
2006-07-03 00:00:00
RHEL 3 : kernel (RHSA-2006:0140)
2006-01-20 00:00:00
RHEL 2.1 : kernel (RHSA-2006:0191)
2006-02-05 00:00:00
redhat
redhat
(RHSA-2006:0140) kernel security update
2006-01-19 00:00:00
(RHSA-2006:0190) kernel security update
2006-02-01 00:00:00
(RHSA-2006:0191) kernel security update
2006-02-01 00:00:00
centos
centos
kernel security update
2006-02-02 22:07:50
kernel security update
2006-01-18 00:05:51
kernel security update
2005-10-27 22:33:15
debian
debian
[SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-04-05 07:45:22
[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-03-24 06:47:40
[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-03-24 06:47:40
openvas
openvas
Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)
2008-01-17 00:00:00
Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1018-1)
2008-01-17 00:00:00
osv
osv
kernel-source-2.4.27 - several
2006-03-24 00:00:00
kernel-source-2.6.8 - several
2006-03-23 00:00:00
kernel-source-2.4.27 - several
2005-12-14 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-11-22 00:00:00
Linux kernel vulnerabilities
2005-12-23 00:00:00
Linux kernel vulnerabilities
2005-09-25 00:00:00
suse
suse
denial of service in kernel
2005-12-06 11:35:56
denial of service in kernel
2005-12-14 15:10:59
various security problems in kernel
2006-02-27 14:26:20
cve
cve
CVE-2002-2185
2002-12-31 05:00:00
CVE-2005-3275
2005-10-21 01:02:00
CVE-2004-1057
2005-01-21 05:00:00
seebug
seebug
Linux Kernel SysctlζŽ₯ε£ζ³¨ι”€ζœ¬εœ°ζ‹’η»ζœεŠ‘ζΌζ΄ž
2006-08-17 00:00:00
Linux Kernel IP6_Input_FinishθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2006-08-17 00:00:00
Linux Kernel ICMP_Push_ReplyθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2006-08-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-2709
2005-11-20 00:00:00
CVE-2004-1057
2005-01-21 00:00:00
CVE-2005-3275
2005-10-21 00:00:00
exploitpack
exploitpack
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
2005-11-09 00:00:00
Linux Kernel 2.6.x - IPv6 Local Denial of Service
2005-10-20 00:00:00
exploitdb
exploitdb
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
2005-11-09 00:00:00
Linux Kernel 2.6.x - IPv6 Local Denial of Service
2005-10-20 00:00:00
prion
prion
Design/Logic Flaw
2007-06-26 18:30:00
securityvulns
securityvulns
[Full-disclosure] MDKSA-2005:235 - Updated kernel packages fix numerous vulnerabilities
2005-12-22 00:00:00
MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities
2005-12-01 00:00:00
MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities
2005-12-01 00:00:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.055 Low

EPSS

Percentile

93.1%

JSON
Related for CESA-2006:0140
nessus30redhat9centos5debian9openvas14osv4ubuntu3suse3cve14seebug5ubuntucve11exploitpack2exploitdb2prion1securityvulns4