rPath Security Advisory: 2007-0084-1
Published: 2007-05-01
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
kernel=/conary.rpath.com@rpl:devel//1/2.6.19.7-0.4-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
https://issues.rpath.com/browse/RPL-1309
https://issues.rpath.com/browse/RPL-1310
Description:
Previous versions of the kernel package are vulnerable to one
local user Denial of Service attack in which local users can
trigger a kernel stack overflow using the netlink layer, and to one
remote Denial of Service attack in which if IPv6 routing has been
configured, a remote user can cause the system to use all available
network bandwidth by sending a specially-crafted IPv6 packet.
In addition, several issues have been resolved that caused some
systems to have difficulty booting: attempting to initialize the
Intel random number generator caused some recent systems to hang
during boot, and NUMA capability was also causing some systems to
hang during boot and so has been disabled on x86, where it is
generally not needed.
A system reboot is required to resolve these issues.
