Debian Security Advisory DSA 1289-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA 1289-1.

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1496 Michal Miroslaw reported a DoS vulnerability (crash) in netfilter. A remote attacker can cause a NULL pointer dereference in the nfnetlink_log function. CVE-2007-1497 Patrick McHardy reported an vulnerability in netfilter that may allow attackers to bypass certain firewall rules. The nfctinfo value of reassembled IPv6 packet fragments were incorrectly initalized to 0 which allowed these packets to become tracked as ESTABLISHED. CVE-2007-1861 Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were incorrectly routed back to the kernel resulting in an infinite recursion condition. Local users can exploit this behavior to cause a DoS (crash). This problem has been fixed in the stable distribution in version 2.6.18.dfsg.1-12etch2. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update: Debian 4.0 (etch) fai-kernels 1.17+etch2 user-mode-linux 2.6.18-1um-2etch2 kernel-patch-openvz 028.18.1etch1 We recommend that you upgrade your kernel package immediately and reboot

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201289-1