Impact
remote denial of service
Solution
Please install the updated packages.
Insight
This kernel update fixes the following security problems:
CVE-2007-6282: A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (they are filtered by the firewall by default).
CVE-2008-1615: On x86_64 systems a denial of service attack could be used by local attackers to immediately panic / crash the machine.
CVE-2008-1375: Fixed a dnotify race condition, which could be used by local attackers to potentially execute code.
CVE-2008-1367: Clear the "direction" flag before calling signal handlers. For specific not yet identified programs under specific timing conditions this could potentially have caused memory corruption or code execution.
Other changes and improvements include:
- OCFS2 updated to 1.2.9
- Significant bug fixes.
More details are available in the RPM changelog.
Affected
kernel on SUSE SLES 9, Novell Linux Desktop 9, Novell Linux POS 9
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-6282, CVE-2008-1367, CVE-2008-1375, CVE-2008-1615
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P