kernel: several vulnerabilities

Package(s): kernel
CVE #(s): CVE-2007-1353 CVE-2007-2451 CVE-2007-2453
Created: June 11, 2007
Updated: March 6, 2008
Description: Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

Alerts:
Debian DSA-1504 kernel-source-2.6.8 2008-02-22
Debian DSA-1503-2 kernel-source-2.4.27 2008-03-06
Debian DSA-1503 kernel-source-2.4.27 2008-02-22
Red Hat RHSA-2007:0488-01 kernel 2007-06-25
Debian DSA-1356-1 linux-2.6 2007-08-15
SuSE SUSE-SA:2007:051 kernel 2007-09-06
Mandriva MDKSA-2007:216 kernel 2007-11-13
Mandriva MDKSA-2007:171 kernel 2007-08-28
Red Hat RHSA-2007:0671-01 kernel 2007-08-16
Red Hat RHSA-2007:0673-01 kernel 2007-08-08
Red Hat RHSA-2007:0672-01 kernel 2007-08-08
Ubuntu USN-489-1 linux-source-2.6.15 2007-07-19
Ubuntu USN-486-1 linux-source-2.6.17 2007-07-17
Fedora FEDORA-2007-600 kernel 2007-06-25
Fedora FEDORA-2007-599 kernel 2007-06-21
SuSE SUSE-SA:2007:035 kernel 2007-06-14
Red Hat RHSA-2007:0376-01 kernel 2007-06-14
Fedora FEDORA-2007-0409 kernel 2007-06-13
Ubuntu USN-470-1 linux-source-2.6.20 2007-06-08


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds