Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0710
HistoryOct 19, 2006 - 2:36 p.m.

kernel security update

2006-10-1914:36:54
CentOS Project
lists.centos.org
66

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.056 Low

EPSS

Percentile

93.3%

JSON

CentOS Errata and Security Advisory CESA-2006:0710

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

  • a flaw in the IPC shared-memory implementation that allowed a local user
    to cause a denial of service (deadlock) that resulted in freezing the
    system (CVE-2006-4342, Important)

  • an information leak in the copy_from_user() implementation on s390 and
    s390x platforms that allowed a local user to read arbitrary kernel memory
    (CVE-2006-5174, Important)

  • a flaw in the ATM subsystem affecting systems with installed ATM
    hardware and configured ATM support that allowed a remote user to cause
    a denial of service (panic) by accessing socket buffer memory after it
    has been freed (CVE-2006-4997, Moderate)

  • a directory traversal vulnerability in smbfs that allowed a local user
    to escape chroot restrictions for an SMB-mounted filesystem via “…\”
    sequences (CVE-2006-1864, Moderate)

  • a flaw in the mprotect system call that allowed enabling write permission
    for a read-only attachment of shared memory (CVE-2006-2071, Moderate)

  • a flaw in the DVD handling of the CDROM driver that could be used
    together with a custom built USB device to gain root privileges
    (CVE-2006-2935, Moderate)

In addition to the security issues described above, a bug fix for a clock
skew problem (which could lead to unintended keyboard repeat under X11)
was also included. The problem only occurred when running the 32-bit x86
kernel on 64-bit dual-core x86_64 hardware.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-October/075494.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075495.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075496.html
https://lists.centos.org/pipermail/centos-announce/2006-October/075497.html

Affected packages:
kernel
kernel-BOOT
kernel-doc
kernel-hugemem
kernel-hugemem-unsupported
kernel-smp
kernel-smp-unsupported
kernel-source
kernel-unsupported

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0710

OSVersionArchitecturePackageVersionFilename
CentOS3ia64kernel< 2.4.21-47.0.1.ELkernel-2.4.21-47.0.1.EL.ia64.rpm
CentOS3ia64kernel-doc< 2.4.21-47.0.1.ELkernel-doc-2.4.21-47.0.1.EL.ia64.rpm
CentOS3ia64kernel-source< 2.4.21-47.0.1.ELkernel-source-2.4.21-47.0.1.EL.ia64.rpm
CentOS3ia64kernel-unsupported< 2.4.21-47.0.1.ELkernel-unsupported-2.4.21-47.0.1.EL.ia64.rpm
CentOS3i586kernel< 2.4.21-47.0.1.ELkernel-2.4.21-47.0.1.EL.i586.rpm
CentOS3i686kernel< 2.4.21-47.0.1.ELkernel-2.4.21-47.0.1.EL.i686.rpm
CentOS3i386kernel-boot< 2.4.21-47.0.1.ELkernel-BOOT-2.4.21-47.0.1.EL.i386.rpm
CentOS3i386kernel-doc< 2.4.21-47.0.1.ELkernel-doc-2.4.21-47.0.1.EL.i386.rpm
CentOS3i686kernel-hugemem< 2.4.21-47.0.1.ELkernel-hugemem-2.4.21-47.0.1.EL.i686.rpm
CentOS3i686kernel-hugemem-unsupported< 2.4.21-47.0.1.ELkernel-hugemem-unsupported-2.4.21-47.0.1.EL.i686.rpm
Rows per page:
1-10 of 351

Related

nessus 35
redhat 9
centos 6
cve 9
cert 1
nvd 9
cvelist 9
ubuntucve 7
prion 6
osv 6
openvas 24
securityvulns 6
debian 7
freebsd_advisory 1
suse 6
ubuntu 4
oraclelinux 3
vmware 1
nessus
nessus
RHEL 3 : kernel (RHSA-2006:0710)
2006-10-25 00:00:00
Oracle Linux 3 : kernel (ELSA-2006-0710)
2013-07-12 00:00:00
CentOS 3 : kernel (CESA-2006:0710)
2006-10-20 00:00:00
redhat
redhat
(RHSA-2006:0710) kernel security update
2006-10-19 00:00:00
(RHSA-2007:0013) Moderate: kernel security update
2007-01-17 00:00:00
(RHSA-2007:0012) Moderate: kernel security update
2007-01-17 00:00:00
centos
centos
kernel security update
2007-01-19 03:58:19
kernel security update
2006-07-17 05:19:27
kernel security update
2006-10-07 17:42:47
cve
cve
CVE-2006-5174
2006-10-10 04:06:00
CVE-2006-2935
2006-07-05 18:05:00
CVE-2006-4997
2006-10-10 04:06:00
cert
cert
The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory
2006-11-06 00:00:00
nvd
nvd
CVE-2006-5174
2006-10-10 04:06:00
CVE-2006-4342
2006-10-17 17:07:00
CVE-2006-2935
2006-07-05 18:05:00
cvelist
cvelist
CVE-2006-5174
2006-10-05 21:00:00
CVE-2006-2935
2006-07-05 18:00:00
CVE-2006-4997
2006-10-09 23:00:00
ubuntucve
ubuntucve
CVE-2006-4342
2006-10-17 00:00:00
CVE-2006-2935
2006-07-05 00:00:00
CVE-2006-4997
2006-10-10 00:00:00
prion
prion
Buffer overflow
2006-07-05 18:05:00
Code injection
2006-04-27 17:06:00
Code injection
2006-04-19 18:18:00
osv
osv
kernel-source-2.4.27 - several
2006-12-17 00:00:00
kernel-source-2.6.8 - several
2006-12-10 00:00:00
kernel-source-2.4.27 - several vulnerabilities
2006-09-25 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1237)
2008-01-17 00:00:00
Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1233)
2008-01-17 00:00:00
securityvulns
securityvulns
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
2006-11-14 00:00:00
rPSA-2006-0162-1 kernel
2006-09-02 00:00:00
VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
2006-11-14 00:00:00
debian
debian
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities
2006-12-17 14:07:46
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities
2006-12-10 21:06:55
[SECURITY] [DSA 1183-1] New Linux 2.4.27 packages fix several vulnerabilities
2006-09-25 06:44:29
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:16.smbfs
2006-05-31 00:00:00
suse
suse
local privilege escalation in kernel
2006-08-18 13:53:33
local privilege escalation in kernel
2006-11-10 12:48:30
remote denial of service in kernel
2006-12-21 15:00:30
ubuntu
ubuntu
Linux kernel vulnerabilities
2006-08-03 00:00:00
Linux kernel vulnerabilities
2006-09-15 00:00:00
Linux kernel vulnerabilities
2006-06-15 00:00:00
oraclelinux
oraclelinux
Important kernel security update
2006-11-30 00:00:00
Important kernel security update
2006-11-30 00:00:00
Important: kernel security update
2007-01-31 00:00:00
vmware
vmware
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
2007-07-05 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.056 Low

EPSS

Percentile

93.3%

JSON
Related for CESA-2006:0710
nessus35redhat9centos6cve9cert1nvd9cvelist9ubuntucve7prion6osv6openvas24securityvulns6debian7freebsd_advisory1suse6ubuntu4oraclelinux3vmware1