LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2008-2136 CVE-2008-2148
Created:May 15, 2008 Updated:January 8, 2009
Description: The kernel has several denial of service vulnerabilities. From the secunia report:

1) An error exists in the implementation of the "sys_utimensat()" system call. This can be exploited to update the access or modification time of arbitrary files via specially crafted arguments passed to the affected system call.

2) A memory leak exists in the "ipip6_rcv()" function included in the IPv6 over IPv4 (SIP) tunneling driver. This can be exploited to potentially exhaust all available memory via specially crafted network packets.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
CentOS CESA-2008:0973 2008-12-17
Red Hat RHSA-2008:0973-03 2008-12-16
Red Hat RHSA-2009:0001-01 2009-01-08
Red Hat RHSA-2008:0585-01 2008-08-26
Mandriva MDVSA-2008:167 2008-08-12
CentOS CESA-2008:0612 2008-08-06
Mandriva MDVSA-2008:174 2008-08-19
Red Hat RHSA-2008:0612-01 2008-08-04
Red Hat RHSA-2008:0607-01 2008-07-23
SuSE SUSE-SA:2008:032 2008-07-07
CentOS CESA-2008:0607 2008-07-24
Ubuntu USN-625-1 2008-07-15
SuSE SUSE-SA:2008:030 2008-06-20
Debian DSA-1588-2 2008-05-30
Debian DSA-1588-1 2008-05-27
rPath rPSA-2008-0169-1 2008-05-14
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds