Debian Security Advisory DSA 1588-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA 1588-1.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6712 Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. CVE-2008-1615 Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. CVE-2008-2136 Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. CVE-2008-2137 David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service. For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch5. Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at the time of this advisory. This advisory will be updated as these builds become available. We recommend that you upgrade your linux-2.6, fai-kernels, and

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201588-1