linux-2.6

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

• CVE-2007-1496
  Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
  A remote attacker can cause a NULL pointer dereference in the
  nfnetlink_log function.
• CVE-2007-1497
  Patrick McHardy reported an vulnerability in netfilter that may
  allow attackers to bypass certain firewall rules. The nfctinfo
  value of reassembled IPv6 packet fragments were incorrectly initialized
  to 0 which allowed these packets to become tracked as ESTABLISHED.
• CVE-2007-1861
  Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were
  incorrectly routed back to the kernel resulting in an infinite
  recursion condition. Local users can exploit this behavior
  to cause a DoS (crash).

For the stable distribution (etch) these problems have been fixed in version
2.6.18.dfsg.1-12etch2.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.