Updates/kernel-2.6.16-1.2111 FC4

From FarsiWeb

The packages kernel and kernel-smp contain the Linux kernel, the core of the Linux operating system.

This update fixes the following security vulnerabilities:

  • Common Vulnerabilities and Exposures issue CVE-2006-1857:
    Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
  • Common Vulnerabilities and Exposures issue CVE-2006-1858:
    SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
  • Common Vulnerabilities and Exposures issue CVE-2006-1860:
    lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.
  • Common Vulnerabilities and Exposures issue CVE-2006-2271:
    The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
  • Common Vulnerabilities and Exposures issue CVE-2006-2272:
    Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
  • Common Vulnerabilities and Exposures issue CVE-2006-2274:
    Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
  • Common Vulnerabilities and Exposures issue CVE-2006-2275:
    Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

This update upgrades the kernel to version 2.6.16.17, which contains fixes for the bugs listed above.
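Because a distribution kernel carries backported fixes, the upstream version printed by uname -r (2.6.16 on FC4) does not tell an administrator whether this update is installed; the kernel package version-release does. The script below is an added example, not part of the FarsiWeb advisory or the Fedora kernel packaging: it compares an installed kernel or kernel-smp package name against the fixed build named in the page title (kernel-2.6.16-1.2111, assumed here to be the FC4 package that carries the 2.6.16.17 fixes), and, in live mode, also reports whether the sctp module is loaded, since six of the seven issues are only reachable when SCTP is in use. The package names in the comments are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed FC4 kernel package
# at or above the fixed build, and is the SCTP code reachable on this host?
FIXED_VERSION="2.6.16"   # upstream version of the fixed FC4 package
FIXED_RELEASE="1.2111"   # package release of the fixed FC4 package (dist tag dropped)

# vercmp A B: prints -1, 0 or 1 comparing the numeric components of two
# dotted/underscored strings; any non-digit run is treated as a separator
# and missing trailing components count as 0 (so 2.6.16 == 2.6.16.0).
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[^0-9]+/, " ", a); gsub(/[^0-9]+/, " ", b)
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# kernel_package_fixed NEVR: returns 0 when a package name such as
# "kernel-2.6.16-1.2111_FC4" or "kernel-smp-2.6.16-1.2111_FC4" (constructed
# samples) is at or above kernel-$FIXED_VERSION-$FIXED_RELEASE, 1 otherwise.
kernel_package_fixed() {
    nevr=$1
    release=${nevr##*-}        # 1.2111_FC4
    release=${release%%_*}     # 1.2111  (drop the _FC4 dist tag)
    rest=${nevr%-*}            # kernel-2.6.16 or kernel-smp-2.6.16
    version=${rest##*-}        # 2.6.16
    c=$(vercmp "$version" "$FIXED_VERSION")
    if [ "$c" -gt 0 ]; then return 0; fi   # newer upstream base, already fixed
    if [ "$c" -lt 0 ]; then return 1; fi   # older upstream base, still affected
    [ "$(vercmp "$release" "$FIXED_RELEASE")" -ge 0 ]
}

# Live report: every installed kernel/kernel-smp package, SCTP exposure, and
# a reminder that only the *running* kernel matters until the next reboot.
report_running_system() {
    rpm -q kernel kernel-smp 2>/dev/null | grep '^kernel' | while read -r pkg; do
        if kernel_package_fixed "$pkg"; then
            printf '%s: contains the fixes in this update\n' "$pkg"
        else
            printf '%s: older than kernel-%s-%s, still affected\n' \
                "$pkg" "$FIXED_VERSION" "$FIXED_RELEASE"
        fi
    done
    if grep -q '^sctp ' /proc/modules 2>/dev/null; then
        echo "sctp module loaded: the remote SCTP issues are reachable until a fixed kernel is booted"
    else
        echo "sctp module not loaded: remote SCTP issues not reachable here (CVE-2006-1860 in fs/locks.c still applies)"
    fi
    printf 'running kernel: %s (a newer installed package only helps after reboot)\n' "$(uname -r)"
}

# Only touch rpm and /proc when asked, so the functions can be sourced or tested offline.
if [ "${1:-}" = "--live" ]; then
    report_running_system
fi
```

Run it as sh check-kernel-update.sh --live on the FC4 host. The comparison deliberately ignores the dist tag and the letters in it; if a site rebuilds kernels with its own release scheme, adjust FIXED_RELEASE to match that scheme rather than the Fedora one.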
