Scientific Linux Security Update : kernel on SL5.x i386/x86_64
High Nessus Plugin ID 60181
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionThese new kernel packages contain fixes for the following security issues :
- a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).
- a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).
- a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).
- a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).
- a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).
- a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).
In addition to the security issues described above, fixes for the following have been included :
- a regression in ipv6 routing.
- an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.
- the nmi watchdog timeout was updated from 5 to 30 seconds.
- a flaw in distributed lock management that could result in errors during virtual machine migration.
- an omitted include in kernel-headers that led to compile failures for some packages.
SolutionUpdate the affected packages.