linux-2.6 -- denial of service

ID DSA-1588
Type debian
Reporter Debian
Modified 2008-05-27T00:00:00


Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop.

Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash.

Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition.

David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch5.

Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at the time of this advisory. This advisory will be updated as these builds become available.

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.