Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0014
HistoryJan 30, 2007 - 12:00 a.m.

(RHSA-2007:0014) Important: kernel security update

2007-01-3000:00:00
access.redhat.com
53

EPSS

0.141

Percentile

95.7%

JSON

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

  • a flaw in the get_fdb_entries function of the network bridging support
    that allowed a local user to cause a denial of service (crash) or allow a
    potential privilege escalation (CVE-2006-5751, Important)

  • an information leak in the _block_prepare_write function that allowed a
    local user to read kernel memory (CVE-2006-4813, Important)

  • an information leak in the copy_from_user() implementation on s390 and
    s390x platforms that allowed a local user to read kernel memory
    (CVE-2006-5174, Important)

  • a flaw in the handling of /proc/net/ip6_flowlabel that allowed a local
    user to cause a denial of service (infinite loop) (CVE-2006-5619, Important)

  • a flaw in the AIO handling that allowed a local user to cause a denial of
    service (panic) (CVE-2006-5754, Important)

  • a race condition in the mincore system core that allowed a local user to
    cause a denial of service (system hang) (CVE-2006-4814, Moderate)

  • a flaw in the ELF handling on ia64 and sparc architectures which
    triggered a cross-region memory mapping and allowed a local user to cause a
    denial of service (CVE-2006-4538, Moderate)

  • a flaw in the dev_queue_xmit function of the network subsystem that
    allowed a local user to cause a denial of service (data corruption)
    (CVE-2006-6535, Moderate)

  • a flaw in the handling of CAPI messages over Bluetooth that allowed a
    remote system to cause a denial of service or potential code execution.
    This flaw is only exploitable if a privileged user establishes a connection
    to a malicious remote device (CVE-2006-6106, Moderate)

  • a flaw in the listxattr system call that allowed a local user to cause a
    denial of service (data corruption) or potential privilege escalation. To
    successfully exploit this flaw the existence of a bad inode is required
    first (CVE-2006-5753, Moderate)

  • a flaw in the __find_get_block_slow function that allowed a local
    privileged user to cause a denial of service (CVE-2006-5757, Low)

  • various flaws in the supported filesystems that allowed a local
    privileged user to cause a denial of service (CVE-2006-5823, CVE-2006-6053,
    CVE-2006-6054, CVE-2006-6056, Low)

In addition to the security issues described above, fixes for the following
bugs were included:

  • initialization error of the tg3 driver with some BCM5703x network card

  • a memory leak in the audit subsystem

  • x86_64 nmi watchdog timeout is too short

  • ext2/3 directory reads fail intermittently

Red Hat would like to thank Dmitriy Monakhov and Kostantin Khorenko for
reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64iserieskernel< 2.6.9-42.0.8.ELkernel-2.6.9-42.0.8.EL.ppc64iseries.rpm
RedHatanysrckernel< 2.6.9-42.0.8.ELkernel-2.6.9-42.0.8.EL.src.rpm
RedHatanyi686kernel-smp-devel< 2.6.9-42.0.8.ELkernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm
RedHatanyi686kernel-hugemem-devel< 2.6.9-42.0.8.ELkernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm
RedHatanyi686kernel-hugemem< 2.6.9-42.0.8.ELkernel-hugemem-2.6.9-42.0.8.EL.i686.rpm
RedHatanys390kernel-devel< 2.6.9-42.0.8.ELkernel-devel-2.6.9-42.0.8.EL.s390.rpm
RedHatanyx86_64kernel-smp-devel< 2.6.9-42.0.8.ELkernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm
RedHatanynoarchkernel-doc< 2.6.9-42.0.8.ELkernel-doc-2.6.9-42.0.8.EL.noarch.rpm
RedHatanyi686kernel-devel< 2.6.9-42.0.8.ELkernel-devel-2.6.9-42.0.8.EL.i686.rpm
RedHatanyx86_64kernel-largesmp-devel< 2.6.9-42.0.8.ELkernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm
Rows per page:
1-10 of 281

Related

oraclelinux 3
nessus 41
centos 6
ubuntu 3
openvas 57
suse 5
securityvulns 2
osv 5
debian 5
redhat 6
fedora 7
ubuntucve 14
cvelist 15
cve 15
nvd 15
oraclelinux
oraclelinux
Important: kernel security update
2007-01-31 00:00:00
Important: kernel security and bug fix update
2007-12-04 00:00:00
kernel security and bug fix update
2008-05-07 00:00:00
nessus
nessus
CentOS 4 : kernel (CESA-2007:0014)
2009-04-23 00:00:00
RHEL 4 : kernel (RHSA-2007:0014)
2007-02-09 00:00:00
Oracle Linux 4 : kernel (ELSA-2007-0014)
2013-07-12 00:00:00
centos
centos
kernel security update
2007-01-31 08:01:52
gdb, kernel security update
2007-06-11 22:34:46
kernel security update
2007-08-09 04:54:35
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-02-10 00:00:00
Linux kernel vulnerabilities
2006-12-14 00:00:00
Linux kernel vulnerabilities
2006-09-19 00:00:00
openvas
openvas
Ubuntu Update for linux-source-2.6.12/2.6.15/2.6.17 vulnerabilities USN-416-1
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-416-1)
2009-03-23 00:00:00
Mandriva Update for kernel MDKSA-2007:002 (kernel)
2009-04-09 00:00:00
suse
suse
remote denial of service in kernel
2006-12-21 15:00:30
remote denial of service in kernel-bigsmp
2007-02-27 15:16:37
remote denial of service in kernel
2007-03-16 14:36:00
securityvulns
securityvulns
Multiple Linux kernel vulnerabilities
2007-02-02 00:00:00
[Full-disclosure] [USN-347-1] Linux kernel vulnerabilities
2006-09-19 00:00:00
osv
osv
kernel-source-2.6.8 - several
2007-06-16 00:00:00
kernel-source-2.6.8 - several
2006-12-10 00:00:00
kernel-source-2.4.27 - several vulnerabilities
2008-02-22 00:00:00
debian
debian
[SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities
2007-06-16 10:57:02
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities
2006-12-10 21:06:55
[SECURITY] [DSA 1503-2] New Linux kernel 2.4.27 packages fix several issues
2008-03-06 07:47:54
redhat
redhat
(RHSA-2007:0436) Important: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9
2007-06-11 13:45:45
(RHSA-2007:0673) Important: kernel security update
2007-08-08 00:00:00
(RHSA-2007:0672) Important: kernel security update
2007-08-08 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: kernel-2.6.19-1.2288.2.1.fc5
2007-03-02 16:58:32
[SECURITY] Fedora Core 6 Update: kernel-2.6.19-1.2911.6.4.fc6
2007-03-02 16:48:39
[SECURITY] Fedora Core 5 Update: kernel-2.6.19-1.2288.fc5
2007-02-13 22:41:04
ubuntucve
ubuntucve
CVE-2006-5619
2006-10-31 00:00:00
CVE-2006-5751
2006-12-02 00:00:00
CVE-2006-5757
2006-11-06 00:00:00
cvelist
cvelist
CVE-2006-5619
2006-10-31 19:00:00
CVE-2006-6106
2006-12-19 19:00:00
CVE-2006-4814
2006-12-20 02:00:00
cve
cve
CVE-2006-6106
2006-12-19 19:28:00
CVE-2006-4814
2006-12-20 02:28:00
CVE-2006-5757
2006-11-06 20:07:00
nvd
nvd
CVE-2006-5619
2006-10-31 19:07:00
CVE-2006-5757
2006-11-06 20:07:00
CVE-2006-6106
2006-12-19 19:28:00

EPSS

0.141

Percentile

95.7%

JSON
Related for RHSA-2007:0014
oraclelinux3nessus41centos6ubuntu3openvas57suse5securityvulns2osv5debian5redhat6fedora7ubuntucve14cvelist15cve15nvd15