Test ID:	1.3.6.1.4.1.25623.1.0.61103
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 1588-1 (linux-2.6)
Summary:	Debian Security Advisory DSA 1588-1 (linux-2.6)
Description:	The remote host is missing an update to linux-2.6 announced via advisory DSA 1588-1. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6712 Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. CVE-2008-1615 Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. CVE-2008-2136 Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. CVE-2008-2137 David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service. For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch5. Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at the time of this advisory. This advisory will be updated as these builds become available. We recommend that you upgrade your linux-2.6, fai-kernels, and Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201588-1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6712 Debian Security Information: DSA-1588 (Google Search) http://www.debian.org/security/2008/dsa-1588 http://www.redhat.com/support/errata/RHSA-2008-0275.html http://www.redhat.com/support/errata/RHSA-2008-0585.html SuSE Security Announcement: SUSE-SA:2008:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://www.ubuntu.com/usn/usn-625-1 BugTraq ID: 29294 http://www.securityfocus.com/bid/29294 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9210 http://secunia.com/advisories/30294 http://secunia.com/advisories/30368 http://secunia.com/advisories/30818 http://secunia.com/advisories/31107 http://secunia.com/advisories/31628 XForce ISS Database: linux-kernel-hrtimerforward-dos(41827) http://xforce.iss.net/xforce/xfdb/41827 Common Vulnerability Exposure (CVE) ID: CVE-2008-1615 https://bugzilla.redhat.com/show_bug.cgi?id=431430 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:167 http://www.mandriva.com/security/advisories?name=MDVSA-2008:174 http://www.redhat.com/support/errata/RHSA-2008-0237.html SuSE Security Announcement: SUSE-SA:2008:031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html SuSE Security Announcement: SUSE-SA:2008:032 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html SuSE Security Announcement: SUSE-SA:2008:035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html SuSE Security Announcement: SUSE-SA:2008:038 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html BugTraq ID: 29086 http://www.securityfocus.com/bid/29086 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9563 http://www.securitytracker.com/id?1020047 http://secunia.com/advisories/30252 http://secunia.com/advisories/30890 http://secunia.com/advisories/30962 http://secunia.com/advisories/30112 http://secunia.com/advisories/30982 XForce ISS Database: linux-kernel-processtrace-dos(42278) http://xforce.iss.net/xforce/xfdb/42278 Common Vulnerability Exposure (CVE) ID: CVE-2008-2136 http://marc.info/?l=linux-netdev&m=121031533024912&w=2 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html http://www.redhat.com/support/errata/RHSA-2008-0607.html http://www.redhat.com/support/errata/RHSA-2008-0612.html http://www.redhat.com/support/errata/RHSA-2008-0973.html http://www.redhat.com/support/errata/RHSA-2008-0787.html BugTraq ID: 29235 http://www.securityfocus.com/bid/29235 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11038 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6503 http://secunia.com/advisories/30499 http://www.vupen.com/english/advisories/2008/1543/references http://www.securitytracker.com/id?1020118 http://secunia.com/advisories/30198 http://secunia.com/advisories/30241 http://secunia.com/advisories/30276 http://secunia.com/advisories/31198 http://secunia.com/advisories/31341 http://secunia.com/advisories/31689 http://secunia.com/advisories/33201 http://secunia.com/advisories/33280 http://www.vupen.com/english/advisories/2008/1716/references XForce ISS Database: linux-kernel-ipip6rcv-dos(42451) http://xforce.iss.net/xforce/xfdb/42451 Common Vulnerability Exposure (CVE) ID: CVE-2008-2137 http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604 BugTraq ID: 29397 http://www.securityfocus.com/bid/29397 http://www.securitytracker.com/id?1020119 XForce ISS Database: linux-kernel-mmap-dos(42681) http://xforce.iss.net/xforce/xfdb/42681
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: