Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0689
HistoryOct 07, 2006 - 5:42 p.m.

kernel security update

2006-10-0717:42:47
CentOS Project
lists.centos.org
50

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.093 Low

EPSS

Percentile

94.6%

JSON

CentOS Errata and Security Advisory CESA-2006:0689

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

  • a flaw in the SCTP support that allowed a local user to cause a denial of
    service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important)

  • a flaw in the hugepage table support that allowed a local user to cause a
    denial of service (crash). (CVE-2005-4811, Important)

  • a flaw in the mprotect system call that allowed setting write permission
    for a read-only attachment of shared memory. (CVE-2006-2071, Moderate)

  • a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems
    that allowed a local user to cause a denial of service. (crash)
    (CVE-2006-4093, Moderate)

  • a flaw in the perfmon support of Itanium systems that allowed a local
    user to cause a denial of service by consuming all file descriptors.
    (CVE-2006-3741, Moderate)

  • a flaw in the ATM subsystem. On systems with installed ATM hardware and
    configured ATM support, a remote user could cause a denial of service
    (panic) by accessing socket buffers memory after freeing them.
    (CVE-2006-4997, Moderate)

  • a flaw in the DVB subsystem. On systems with installed DVB hardware and
    configured DVB support, a remote user could cause a denial of service
    (panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low)

  • an information leak in the network subsystem that possibly allowed a
    local user to read sensitive data from kernel memory. (CVE-2006-0039, Low)

In addition, two bugfixes for the IPW-2200 wireless driver were included.
The first one ensures that wireless management applications correctly
identify IPW-2200 controlled devices, while the second fix ensures that
DHCP requests using the IPW-2200 operate correctly.

Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar
Designer for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-October/075474.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075475.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075477.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075478.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0689

OSVersionArchitecturePackageVersionFilename
CentOS4noarchkernel-doc< 2.6.9-42.0.3.ELkernel-doc-2.6.9-42.0.3.EL.noarch.rpm
CentOS4x86_64kernel< 2.6.9-42.0.3.ELkernel-2.6.9-42.0.3.EL.x86_64.rpm
CentOS4x86_64kernel-devel< 2.6.9-42.0.3.ELkernel-devel-2.6.9-42.0.3.EL.x86_64.rpm
CentOS4x86_64kernel-largesmp< 2.6.9-42.0.3.ELkernel-largesmp-2.6.9-42.0.3.EL.x86_64.rpm
CentOS4x86_64kernel-largesmp-devel< 2.6.9-42.0.3.ELkernel-largesmp-devel-2.6.9-42.0.3.EL.x86_64.rpm
CentOS4x86_64kernel-smp< 2.6.9-42.0.3.ELkernel-smp-2.6.9-42.0.3.EL.x86_64.rpm
CentOS4x86_64kernel-smp-devel< 2.6.9-42.0.3.ELkernel-smp-devel-2.6.9-42.0.3.EL.x86_64.rpm
CentOS4i586kernel< 2.6.9-42.0.3.ELkernel-2.6.9-42.0.3.EL.i586.rpm
CentOS4i686kernel< 2.6.9-42.0.3.ELkernel-2.6.9-42.0.3.EL.i686.rpm
CentOS4i586kernel-devel< 2.6.9-42.0.3.ELkernel-devel-2.6.9-42.0.3.EL.i586.rpm
Rows per page:
1-10 of 261

Related

nessus 32
redhat 6
oraclelinux 2
ubuntucve 9
cve 9
prion 3
centos 3
openvas 29
debian 8
ubuntu 6
securityvulns 6
osv 7
suse 2
vmware 1
nessus
nessus
RHEL 4 : kernel (RHSA-2006:0689)
2006-10-10 00:00:00
CentOS 4 : kernel (CESA-2006:0689)
2006-10-10 00:00:00
Oracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2006:0689) kernel security update
2006-10-05 00:00:00
(RHSA-2006:0710) kernel security update
2006-10-19 00:00:00
(RHSA-2007:0013) Moderate: kernel security update
2007-01-17 00:00:00
oraclelinux
oraclelinux
Important kernel security update
2006-11-30 00:00:00
Important kernel security update
2006-11-30 00:00:00
ubuntucve
ubuntucve
CVE-2005-4811
2005-12-31 00:00:00
CVE-2006-3741
2006-10-10 00:00:00
CVE-2006-0039
2006-05-19 00:00:00
cve
cve
CVE-2005-4811
2005-12-31 05:00:00
CVE-2006-0039
2006-05-19 22:02:00
CVE-2006-4093
2006-08-21 21:04:00
prion
prion
Race condition
2006-05-19 22:02:00
Code injection
2006-04-19 18:18:00
Code injection
2006-04-27 17:06:00
centos
centos
kernel security update
2006-10-19 14:36:54
kernel security update
2007-01-19 03:58:19
kernel security update
2006-07-17 05:19:27
openvas
openvas
Debian: Security Advisory (DSA-1237)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-347-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities
2006-12-17 14:07:46
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities
2006-12-10 21:06:55
[SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities
2007-06-16 10:57:02
ubuntu
ubuntu
Linux kernel vulnerabilities
2006-09-19 00:00:00
Linux kernel vulnerabilities
2006-07-11 00:00:00
Linux kernel vulnerabilities
2006-09-15 00:00:00
securityvulns
securityvulns
[Full-disclosure] [USN-347-1] Linux kernel vulnerabilities
2006-09-19 00:00:00
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
2006-11-14 00:00:00
VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
2006-11-14 00:00:00
osv
osv
kernel-source-2.6.8 - several
2006-12-10 00:00:00
kernel-source-2.6.8 - several
2007-06-16 00:00:00
kernel-source-2.6.8 - several vulnerabilities
2006-09-25 00:00:00
suse
suse
remote denial of service in kernel
2006-09-28 15:21:18
remote denial of service in kernel
2006-12-21 15:00:30
vmware
vmware
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
2007-07-05 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.093 Low

EPSS

Percentile

94.6%

JSON
Related for CESA-2006:0689
nessus32redhat6oraclelinux2ubuntucve9cve9prion3centos3openvas29debian8ubuntu6securityvulns6osv7suse2vmware1