(RHSA-2007:0013) Moderate: kernel security update

ID RHSA-2007:0013
Type redhat
Reporter RedHat
Modified 2018-03-14T19:27:06


The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

  • a flaw in the ATM subsystem, affecting systems with ATM hardware installed and ATM support configured, that allowed a remote user to cause a denial of service (panic) by accessing socket buffer memory after it had been freed (CVE-2006-4997, Moderate)

  • a flaw in the DVD handling of the CDROM driver that could be used together with a custom-built USB device to gain root privileges (CVE-2006-2935, Moderate)

In addition to the security issues described above, the following bugs are also addressed:

  • a potential overflow condition when reading /proc/devices
  • uninitialized memory in cdrom_init() that can lead to a crash at install time
  • a potential page corruption bug in /proc/kcore
  • a race condition when reading vmalloc()ed regions via /proc/kcore

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to these updated packages, which contain backported fixes to correct these issues.