[Technik] Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities

[Noèl Köthe]

Am Sonntag, den 13.05.2007, 13:33 +0200 schrieb Moritz Muehlenhoff:

> Debian Security Advisory DSA 1289-1                    security at debian.org
> http://www.debian.org/security/                               Dann Frazier
> May 13th, 2007                          http://www.debian.org/security/faq
> 
> Package        : linux-2.6
> Vulnerability  : several
> Problem-Type   : local/remote
> Debian-specific: no
> CVE ID         : CVE-2007-1496 CVE-2007-1497 CVE-2007-1861

Linux kernel 2.6.18 (etch) auf cree und yuma aktualisiert und beide
Rechner wurde rebootet.

> This problem has been fixed in the stable distribution in version 
> 2.6.18.dfsg.1-12etch2.

changelog:
linux-2.6 (2.6.18.dfsg.1-12etch2) stable-security; urgency=high

  * bugfix/nfnetlink_log-null-deref.patch
    [SECURITY] Fix remotely exploitable NULL pointer dereference in
    nfulnl_recv_config()
    See CVE-2007-1496
  * bugfix/nf_conntrack-set-nfctinfo.patch
    [SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
    which allows remote attackers to bypass certain rulesets
    See CVE-2007-1497
  * bugfix/netlink-infinite-recursion.patch
    [SECURITY] Fix infinite recursion bug in netlink
    See CVE-2007-1861
  * bugfix/nl_fib_lookup-oops.patch
    Add fix for oops bug added by previous patch

 -- dann frazier <dannf at debian.org>  Tue, 01 May 2007 08:34:18 -0600

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070517/f56416c7/attachment.pgp