Red Hat released one new security update this morning.
RHSA-2007:0488 Important: kernel security update
This update addresses multiple vulnerabilities in the kernel packages for Red Hat Enterprise Linux 4. A list of vulnerabilities fixed by this update can be found in Table 1 below. The Red Hat Security Response Team has rated this update as having important security impact.
| CVE-2007-2876 | a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. |
| CVE-2006-7203 | a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). |
| CVE-2007-2172 | a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. |
| CVE-2007-2525 | a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. |
| CVE-2007-0773 | a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). |
| CVE-2006-5158 | a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). |
| CVE-2007-3104 | a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. |
| CVE-2007-0958 | a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. |
| CVE-2007-1353 | a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. |
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!
Leave a Reply