Fedora Core 5 : kernel-2.6.19-1.2288.fc5 (2007-225)
High Nessus Plugin ID 24348
SynopsisThe remote Fedora Core host is missing a security update.
DescriptionCVE-2006-0007: The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows remote attackers to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as 'spinlock CPU recursion.'
Major rebase to upstream linux kernel 184.108.40.206:
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19 www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-220.127.116.11 www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-18.104.22.168 www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-22.214.171.124
This update also introduces 'kernel-debug', a variant with additional debugging options enabled. These kernels may run with lower performance and increased memory overhead than the non-debug variants.
Bugs fixed: 214495, 211672
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.