6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.044 Low
EPSS
Percentile
92.4%
CentOS Errata and Security Advisory CESA-2007:0705
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the following security issues:
a flaw in the DRM driver for Intel graphics cards that allowed a local
user to access any part of the main memory. To access the DRM functionality
a user must have access to the X server which is granted through the
graphical login. This also only affected systems with an Intel 965 or later
graphic chipset. (CVE-2007-3851, Important)
a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a
local user to corrupt a kernel_dirent struct and cause a denial of service
(system crash). (CVE-2007-2878, Important)
a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)
flaw in the CIFS filesystem which could cause the umask values of a
process to not be honored. This affected CIFS filesystems where the Unix
extensions are supported. (CVE-2007-3740, Important)
a flaw in the stack expansion when using the hugetlb kernel on PowerPC
systems that allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)
a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim’s machine. (CVE-2007-1217, Moderate)
a flaw in the cpuset support that allowed a local user to obtain
sensitive information from kernel memory. To exploit this the cpuset
filesystem would have to already be mounted. (CVE-2007-2875, Moderate)
a flaw in the CIFS handling of the mount option “sec=” that didn’t enable
integrity checking and didn’t produce any error message. (CVE-2007-3843,
Low)
Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076358.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076359.html
Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0705
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i686 | kernel | < 2.6.18-8.1.10.el5 | kernel-2.6.18-8.1.10.el5.i686.rpm |
CentOS | 5 | i686 | kernel-devel | < 2.6.18-8.1.10.el5 | kernel-devel-2.6.18-8.1.10.el5.i686.rpm |
CentOS | 5 | noarch | kernel-doc | < 2.6.18-8.1.10.el5 | kernel-doc-2.6.18-8.1.10.el5.noarch.rpm |
CentOS | 5 | i386 | kernel-headers | < 2.6.18-8.1.10.el5 | kernel-headers-2.6.18-8.1.10.el5.i386.rpm |
CentOS | 5 | i686 | kernel-pae | < 2.6.18-8.1.10.el5 | kernel-PAE-2.6.18-8.1.10.el5.i686.rpm |
CentOS | 5 | i686 | kernel-pae-devel | < 2.6.18-8.1.10.el5 | kernel-PAE-devel-2.6.18-8.1.10.el5.i686.rpm |
CentOS | 5 | i686 | kernel-xen | < 2.6.18-8.1.10.el5 | kernel-xen-2.6.18-8.1.10.el5.i686.rpm |
CentOS | 5 | i686 | kernel-xen-devel | < 2.6.18-8.1.10.el5 | kernel-xen-devel-2.6.18-8.1.10.el5.i686.rpm |
CentOS | 5 | x86_64 | kernel | < 2.6.18-8.1.10.el5 | kernel-2.6.18-8.1.10.el5.x86_64.rpm |
CentOS | 5 | x86_64 | kernel-devel | < 2.6.18-8.1.10.el5 | kernel-devel-2.6.18-8.1.10.el5.x86_64.rpm |