Lucene search

K
centosCentOS ProjectCESA-2007:0014
HistoryJan 31, 2007 - 8:01 a.m.

kernel security update

2007-01-3108:01:52
CentOS Project
lists.centos.org
64

9.4 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

0.141 Low

EPSS

Percentile

95.7%

CentOS Errata and Security Advisory CESA-2007:0014

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

  • a flaw in the get_fdb_entries function of the network bridging support
    that allowed a local user to cause a denial of service (crash) or allow a
    potential privilege escalation (CVE-2006-5751, Important)

  • an information leak in the _block_prepare_write function that allowed a
    local user to read kernel memory (CVE-2006-4813, Important)

  • an information leak in the copy_from_user() implementation on s390 and
    s390x platforms that allowed a local user to read kernel memory
    (CVE-2006-5174, Important)

  • a flaw in the handling of /proc/net/ip6_flowlabel that allowed a local
    user to cause a denial of service (infinite loop) (CVE-2006-5619, Important)

  • a flaw in the AIO handling that allowed a local user to cause a denial of
    service (panic) (CVE-2006-5754, Important)

  • a race condition in the mincore system core that allowed a local user to
    cause a denial of service (system hang) (CVE-2006-4814, Moderate)

  • a flaw in the ELF handling on ia64 and sparc architectures which
    triggered a cross-region memory mapping and allowed a local user to cause a
    denial of service (CVE-2006-4538, Moderate)

  • a flaw in the dev_queue_xmit function of the network subsystem that
    allowed a local user to cause a denial of service (data corruption)
    (CVE-2006-6535, Moderate)

  • a flaw in the handling of CAPI messages over Bluetooth that allowed a
    remote system to cause a denial of service or potential code execution.
    This flaw is only exploitable if a privileged user establishes a connection
    to a malicious remote device (CVE-2006-6106, Moderate)

  • a flaw in the listxattr system call that allowed a local user to cause a
    denial of service (data corruption) or potential privilege escalation. To
    successfully exploit this flaw the existence of a bad inode is required
    first (CVE-2006-5753, Moderate)

  • a flaw in the __find_get_block_slow function that allowed a local
    privileged user to cause a denial of service (CVE-2006-5757, Low)

  • various flaws in the supported filesystems that allowed a local
    privileged user to cause a denial of service (CVE-2006-5823, CVE-2006-6053,
    CVE-2006-6054, CVE-2006-6056, Low)

In addition to the security issues described above, fixes for the following
bugs were included:

  • initialization error of the tg3 driver with some BCM5703x network card

  • a memory leak in the audit subsystem

  • x86_64 nmi watchdog timeout is too short

  • ext2/3 directory reads fail intermittently

Red Hat would like to thank Dmitriy Monakhov and Kostantin Khorenko for
reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-February/075659.html
https://lists.centos.org/pipermail/centos-announce/2007-January/075647.html
https://lists.centos.org/pipermail/centos-announce/2007-January/075648.html
https://lists.centos.org/pipermail/centos-announce/2007-January/075656.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0014
https://access.redhat.com/errata/RHSA-2007:0018

9.4 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

0.141 Low

EPSS

Percentile

95.7%