Fedora Core 4 : kernel-2.6.16-1.2111_FC4 (2006-573)
Severity: High
Nessus Plugin ID: 24110
Synopsis
The remote Fedora Core host is missing a security update.
Description
This update rebases to the latest upstream -stable release (184.108.40.206), where a number of security problems have been fixed, notably:

SCTP: Validate the parameter length in HB-ACK chunk (CVE-2006-1857)
SCTP: Respect the real chunk length when walking parameters (CVE-2006-1858)
fs/locks.c: Fix lease_init (CVE-2006-1860)
SCTP: Fix state table entries for chunks received in CLOSED state. (CVE-2006-2271)
SCTP: Fix panic's when receiving fragmented SCTP control chunks. (CVE-2006-2272)
SCTP: Prevent possible infinite recursion with multiple bundled DATA. (CVE-2006-2274)
SCTP: Allow spillover of receive buffer to avoid deadlock. (CVE-2006-2275)

Complete changelogs for the -stable releases can be found at
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-220.127.116.11
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-18.104.22.168
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-22.214.171.124
Fedora specific changes are detailed below
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.