Computer Security
[EN] no-pyccku

Linux multiple security vulnerabilities
SecurityVulns ID:9029
Threat Level:
Description:Memory leak in IPv6 over IPv4 tunnels, mmap DoS on the SPARC architecture, DoS on amd64 architecture, DoS with hrtimer integer overflow on 64bit architectures.
Affected:LINUX : kernel 2.6
CVE:CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before and 2.6 before, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.)
 CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel before allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.)
 CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.)
 CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities (29.05.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod