Package : linux-2.6
Vulnerability : several
Problem-Type : local/remote
CVE ID : CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525
CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the

Ilja van Sprundel discovered that kernel memory could be leaked via the
Bluetooth setsockopt call due to an uninitialized stack buffer. This
could be used by local attackers to read the contents of sensitive kernel

Thomas Graf reported a typo in the DECnet protocol handler that could
be used by a local attacker to overrun an array via crafted packets,
potentially resulting in a Denial of Service (system crash).
A similar issue exists in the IPv4 protocol handler and will be fixed
in a subsequent update.

A couple of issues with random number generation were discovered.
Slightly less random numbers resulted from hashing a subset of the
available entropy. Zero-entropy systems were seeded with the same
inputs at boot time, resulting in repeatable series of random numbers.

Florian Zumbiehl discovered a memory leak in the PPPoE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.

Vilmos Nebehaj discovered a NULL pointer dereference condition in the
netfilter subsystem. This allows remote systems which communicate using
the SCTP protocol to crash a system by creating a connection with an
unknown chunk type.

Oliver Neukum reported an issue in the usblcd driver which, by not
limiting the size of write buffers, permits local users with write access
to trigger a DoS by consuming all available memory.

Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of
range checking may lead to NULL pointer dereferences. Remote attackers
could exploit this to create a DoS condition (system crash).

Wojciech Purczynski discovered that pdeath_signal was not being reset
properly under certain conditions which may allow local users to gain
privileges by sending arbitrary signals to suid binaries.

Dave Airlie reported that Intel 965 and above chipsets have relocated
their batch buffer security bits. Local X server users may exploit this
to write user data to arbitrary physical memory addresses.
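
The uninitialized stack buffer problem described in the Bluetooth setsockopt
item above, as an added user-space C model (not kernel code and not part of
the original advisory). The struct, field and function names are hypothetical,
and the stale stack contents are simulated with a constructed 0xA5 fill so the
result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical option block; names are assumptions, not kernel code. */
struct chan_opts { uint16_t omtu, imtu, flush_to; uint8_t mode, pad; };

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* 'slot' models the handler's stack buffer, which still holds whatever an
 * earlier call left there. Passing it in keeps the demo deterministic. */
void set_opts_unsafe(struct chan_opts *cur, struct chan_opts *slot,
                     const void *ubuf, size_t ulen)
{
    /* BUG: only the first ulen bytes of slot are overwritten ... */
    memcpy(slot, ubuf, min_sz(ulen, sizeof(*slot)));
    /* ... yet the whole slot becomes the readable channel state. */
    *cur = *slot;
}

void set_opts_safe(struct chan_opts *cur, struct chan_opts *slot,
                   const void *ubuf, size_t ulen)
{
    *slot = *cur;   /* start from known values, so no stale bytes survive */
    memcpy(slot, ubuf, min_sz(ulen, sizeof(*slot)));
    *cur = *slot;
}

/* Constructed scenario: returns how many stale bytes a later read of the
 * option state would disclose after a short (2-byte) set request. */
int leaked_bytes(int use_safe)
{
    struct chan_opts cur = { 672, 672, 0xFFFF, 0, 0 }, slot;
    uint16_t req = 1024;                 /* caller supplies only 2 bytes */
    unsigned char out[sizeof(cur)];
    int n = 0;
    memset(&slot, 0xA5, sizeof(slot));   /* constructed stale stack data */
    if (use_safe) set_opts_safe(&cur, &slot, &req, sizeof(req));
    else          set_opts_unsafe(&cur, &slot, &req, sizeof(req));
    memcpy(out, &cur, sizeof(out));
    for (size_t i = sizeof(req); i < sizeof(out); i++)
        n += (out[i] == 0xA5);
    return n;
}

int main(void)
{
    printf("unsafe: %d stale, safe: %d\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```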

These problems have been fixed in the stable distribution in version

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

will update the internal database
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch