Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2007:0347
HistoryMay 20, 2007 - 2:21 a.m.

kernel security update

2007-05-2002:21:06
CentOS Project
lists.centos.org
68

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.154 Low

EPSS

Percentile

95.8%

JSON

CentOS Errata and Security Advisory CESA-2007:0347

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

  • a flaw in the handling of IPv6 type 0 routing headers that allowed remote
    users to cause a denial of service that led to a network amplification
    between two routers (CVE-2007-2242, Important).

  • a flaw in the nfnetlink_log netfilter module that allowed a local user to
    cause a denial of service (CVE-2007-1496, Important).

  • a flaw in the flow list of listening IPv6 sockets that allowed a local
    user to cause a denial of service (CVE-2007-1592, Important).

  • a flaw in the handling of netlink messages that allowed a local user to
    cause a denial of service (infinite recursion) (CVE-2007-1861, Important).

  • a flaw in the IPv4 forwarding base that allowed a local user to cause an
    out-of-bounds access (CVE-2007-2172, Important).

  • a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote
    users to bypass certain netfilter rules using IPv6 fragments
    (CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the following
have been included:

  • a regression in ipv6 routing.

  • an error in memory initialization that caused gdb to output inaccurate
    backtraces on ia64.

  • the nmi watchdog timeout was updated from 5 to 30 seconds.

  • a flaw in distributed lock management that could result in errors during
    virtual machine migration.

  • an omitted include in kernel-headers that led to compile failures for
    some packages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075964.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075965.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0347

OSVersionArchitecturePackageVersionFilename
CentOS5i686kernel< 2.6.18-8.1.4.el5kernel-2.6.18-8.1.4.el5.i686.rpm
CentOS5i686kernel-devel< 2.6.18-8.1.4.el5kernel-devel-2.6.18-8.1.4.el5.i686.rpm
CentOS5noarchkernel-doc< 2.6.18-8.1.4.el5kernel-doc-2.6.18-8.1.4.el5.noarch.rpm
CentOS5i386kernel-headers< 2.6.18-8.1.4.el5kernel-headers-2.6.18-8.1.4.el5.i386.rpm
CentOS5i686kernel-pae< 2.6.18-8.1.4.el5kernel-PAE-2.6.18-8.1.4.el5.i686.rpm
CentOS5i686kernel-pae-devel< 2.6.18-8.1.4.el5kernel-PAE-devel-2.6.18-8.1.4.el5.i686.rpm
CentOS5i686kernel-xen< 2.6.18-8.1.4.el5kernel-xen-2.6.18-8.1.4.el5.i686.rpm
CentOS5i686kernel-xen-devel< 2.6.18-8.1.4.el5kernel-xen-devel-2.6.18-8.1.4.el5.i686.rpm
CentOS5x86_64kernel< 2.6.18-8.1.4.el5kernel-2.6.18-8.1.4.el5.x86_64.rpm
CentOS5x86_64kernel-devel< 2.6.18-8.1.4.el5kernel-devel-2.6.18-8.1.4.el5.x86_64.rpm
Rows per page:
1-10 of 141

Related

nessus 41
redhat 8
osv 8
openvas 54
debian 8
oraclelinux 3
fedora 2
securityvulns 9
ubuntu 4
suse 6
ubuntucve 6
cve 7
prion 7
veracode 6
freebsd 1
cert 1
freebsd_advisory 1
centos 5
nessus
nessus
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 5 : kernel (CESA-2007:0347)
2010-01-06 00:00:00
RHEL 5 : kernel (RHSA-2007:0347)
2007-05-25 00:00:00
redhat
redhat
(RHSA-2007:0347) Important: kernel security and bug fix update
2007-05-16 00:00:00
(RHSA-2007:0436) Important: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9
2007-06-11 13:45:45
(RHSA-2007:0673) Important: kernel security update
2007-08-08 00:00:00
osv
osv
linux-2.6
2007-05-13 00:00:00
linux-2.6
2007-08-31 00:00:00
linux-2.6
2007-05-02 00:00:00
openvas
openvas
Debian Security Advisory DSA 1289-1 (linux-2.6)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1289-1)
2008-01-17 00:00:00
Oracle: Security Advisory (ELSA-2007-0347)
2015-10-08 00:00:00
debian
debian
[SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-05-13 11:33:16
[SECURITY] [DSA 1363-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-31 23:33:55
[SECURITY] [DSA 1286-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-05-02 19:37:39
oraclelinux
oraclelinux
Important: kernel security and bug fix update
2007-06-26 00:00:00
Important: kernel security and bug fix update
2007-12-04 00:00:00
Important: kernel security update
2007-06-26 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: kernel-2.6.20-1.2948.fc6
2007-05-01 16:21:51
[SECURITY] Fedora Core 5 Update: kernel-2.6.20-1.2316.fc5
2007-05-01 16:32:15
securityvulns
securityvulns
[SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution
2007-05-25 00:00:00
Linux netfilter multiple security vulnerabilities
2007-03-18 00:00:00
FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
2007-04-27 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-05-24 00:00:00
Linux kernel vulnerabilities
2007-07-18 00:00:00
Linux kernel vulnerabilities
2007-08-31 00:00:00
suse
suse
remote denial of service in kernel
2007-07-09 14:31:09
remote denial of service in kernel
2007-05-03 18:12:20
remote denial of service in kernel
2007-05-10 11:16:32
ubuntucve
ubuntucve
CVE-2007-2242
2007-04-25 00:00:00
CVE-2007-1496
2007-03-16 00:00:00
CVE-2007-1861
2007-05-07 00:00:00
cve
cve
CVE-2007-2242
2007-04-25 16:19:00
CVE-2007-1496
2007-03-16 22:19:00
CVE-2007-1861
2007-05-07 19:19:00
prion
prion
Code injection
2007-04-25 16:19:00
Null pointer dereference
2007-03-16 22:19:00
Type confusion
2007-04-22 19:19:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:18:32
Denial Of Service (DoS)
2020-04-10 00:18:27
Denial Of Service (DoS)
2020-04-10 00:18:30
freebsd
freebsd
FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-26 00:00:00
cert
cert
IPv6 Type 0 Route Headers allow sender to control routing
2007-06-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:03.ipv6
2007-04-26 00:00:00
centos
centos
gdb, kernel security update
2007-06-11 22:34:46
kernel security update
2007-08-09 04:54:35
kernel security update
2007-12-03 19:44:42

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.154 Low

EPSS

Percentile

95.8%

JSON
Related for CESA-2007:0347
nessus41redhat8osv8openvas54debian8oraclelinux3fedora2securityvulns9ubuntu4suse6ubuntucve6cve7prion7veracode6freebsd1cert1freebsd_advisory1centos5