Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0275
HistoryMay 21, 2008 - 12:48 p.m.

kernel security update

2008-05-2112:48:13
CentOS Project
lists.centos.org
65

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

69.7%

JSON

CentOS Errata and Security Advisory CESA-2008:0275

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

  • on AMD64 architectures, the possibility of a kernel crash was discovered
    by testing the Linux kernel process-trace ability. This could allow a local
    unprivileged user to cause a denial of service (kernel crash).
    (CVE-2008-1615, Important)

  • on 64-bit architectures, the possibility of a timer-expiration value
    overflow was found in the Linux kernel high-resolution timers
    functionality, hrtimer. This could allow a local unprivileged user to setup
    a large interval value, forcing the timer expiry value to become negative,
    causing a denial of service (kernel hang). (CVE-2007-6712, Important)

  • the possibility of a kernel crash was found in the Linux kernel IPsec
    protocol implementation, due to improper handling of fragmented ESP
    packets. When an attacker controlling an intermediate router fragmented
    these packets into very small pieces, it would cause a kernel crash on the
    receiving node during packet reassembly. (CVE-2007-6282, Important)

  • a potential denial of service attack was discovered in the Linux kernel
    PWC USB video driver. A local unprivileged user could use this flaw to
    bring the kernel USB subsystem into the busy-waiting state, causing a
    denial of service. (CVE-2007-5093, Low)

As well, these updated packages fix the following bugs:

  • in certain situations, a kernel hang and a possible panic occurred when
    disabling the cpufreq daemon. This may have prevented system reboots from
    completing successfully.

  • continual “softlockup” messages, which occurred on the guest’s console
    after a successful save and restore of a Red Hat Enterprise Linux 5
    para-virtualized guest, have been resolved.

  • in the previous kernel packages, the kernel may not have reclaimed NFS
    locks after a system reboot.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-May/077078.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077079.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0275

OSVersionArchitecturePackageVersionFilename
CentOS5i686kernel< 2.6.18-53.1.21.el5kernel-2.6.18-53.1.21.el5.i686.rpm
CentOS5i686kernel-debug< 2.6.18-53.1.21.el5kernel-debug-2.6.18-53.1.21.el5.i686.rpm
CentOS5i686kernel-debug-devel< 2.6.18-53.1.21.el5kernel-debug-devel-2.6.18-53.1.21.el5.i686.rpm
CentOS5i686kernel-devel< 2.6.18-53.1.21.el5kernel-devel-2.6.18-53.1.21.el5.i686.rpm
CentOS5noarchkernel-doc< 2.6.18-53.1.21.el5kernel-doc-2.6.18-53.1.21.el5.noarch.rpm
CentOS5i386kernel-headers< 2.6.18-53.1.21.el5kernel-headers-2.6.18-53.1.21.el5.i386.rpm
CentOS5i686kernel-pae< 2.6.18-53.1.21.el5kernel-PAE-2.6.18-53.1.21.el5.i686.rpm
CentOS5i686kernel-pae-devel< 2.6.18-53.1.21.el5kernel-PAE-devel-2.6.18-53.1.21.el5.i686.rpm
CentOS5i686kernel-xen< 2.6.18-53.1.21.el5kernel-xen-2.6.18-53.1.21.el5.i686.rpm
CentOS5i686kernel-xen-devel< 2.6.18-53.1.21.el5kernel-xen-devel-2.6.18-53.1.21.el5.i686.rpm
Rows per page:
1-10 of 181

Related

oraclelinux 3
nessus 30
openvas 48
redhat 4
suse 5
debian 8
securityvulns 7
osv 6
prion 4
veracode 4
ubuntucve 4
cve 4
centos 2
ubuntu 4
fedora 1
oraclelinux
oraclelinux
kernel security and bug fix update
2008-05-20 00:00:00
kernel security and bug fix update
2008-05-07 00:00:00
kernel security and bug fix update
2008-11-19 00:00:00
nessus
nessus
RHEL 5 : kernel (RHSA-2008:0275)
2008-05-20 00:00:00
Oracle Linux 5 : kernel (ELSA-2008-0275)
2013-07-12 00:00:00
CentOS 5 : kernel (CESA-2008:0275)
2010-01-06 00:00:00
openvas
openvas
RedHat Update for kernel RHSA-2008:0275-01
2009-03-06 00:00:00
RedHat Update for kernel RHSA-2008:0275-01
2009-03-06 00:00:00
Oracle: Security Advisory (ELSA-2008-0275)
2015-10-08 00:00:00
redhat
redhat
(RHSA-2008:0275) Important: kernel security and bug fix update
2008-05-20 00:00:00
(RHSA-2008:0585) Important: kernel security and bug fix update
2008-08-26 00:00:00
(RHSA-2008:0237) Important: kernel security and bug fix update
2008-05-07 00:00:00
suse
suse
remote denial of service in kernel
2008-07-02 13:19:53
remote denial of service in kernel
2008-06-20 16:05:15
remote denial of service in kernel
2008-07-07 14:54:24
debian
debian
[SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities
2008-05-27 17:02:58
[SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities
2008-05-30 21:38:54
[SECURITY] [DSA 1381-2] New Linux 2.6.18 packages fix several vulnerabilities
2007-10-12 23:54:38
securityvulns
securityvulns
[SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities
2008-05-29 00:00:00
Linux multiple security vulnerabilities
2008-05-29 00:00:00
Linux kernel multiple security vulnerabilities
2007-10-04 00:00:00
osv
osv
fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2008-05-27 00:00:00
linux-2.6
2007-10-02 00:00:00
fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2008-08-21 00:00:00
prion
prion
Design/Logic Flaw
2008-05-08 00:20:00
Integer overflow
2008-04-12 19:05:00
Design/Logic Flaw
2008-05-08 00:20:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:22:14
Denial Of Service (DoS)
2020-04-10 00:22:16
Denial Of Service (DoS)
2020-04-10 00:22:17
ubuntucve
ubuntucve
CVE-2007-6282
2008-05-08 00:00:00
CVE-2007-6712
2008-04-12 00:00:00
CVE-2008-1615
2008-05-08 00:00:00
cve
cve
CVE-2007-6282
2008-05-08 00:20:00
CVE-2007-6712
2008-04-12 19:05:00
CVE-2008-1615
2008-05-08 00:20:00
centos
centos
kernel security update
2008-05-10 02:08:23
kernel security update
2008-11-20 14:26:01
ubuntu
ubuntu
Linux kernel vulnerabilities
2008-07-15 00:00:00
Linux kernel vulnerabilities
2007-12-19 00:00:00
Linux kernel vulnerabilities
2008-02-14 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: kernel-2.6.23.17-88.fc7
2008-05-17 22:21:35

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for CESA-2008:0275
oraclelinux3nessus30openvas48redhat4suse5debian8securityvulns7osv6prion4veracode4ubuntucve4cve4centos2ubuntu4fedora1