Debian DSA-1588-1 : linux-2.6 - denial of service
High Nessus Plugin ID 32448
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2007-6712 Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop.
- CVE-2008-1615 Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash.
- CVE-2008-2136 Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition.
- CVE-2008-2137 David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.
SolutionUpgrade the linux-2.6, fai-kernels, and user-mode-linux packages.
For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch5.
Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at the time of this advisory. This advisory will be updated as these builds become available.