SB2007071101 - Input validation error in Linux kernel
Published: July 11, 2007
Security Bulletin ID
SB2007071101
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2007-3107)
The vulnerability allows a local user to perform service disruption.
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. This vulnerability affects Linux kernel 2.6.2 and later, when run on PowerPC systems using HTX.
Remediation
Install update from vendor's website.
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245580
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
- http://osvdb.org/37118
- http://secunia.com/advisories/25955
- http://secunia.com/advisories/25963
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/27227
- http://secunia.com/advisories/28706
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0595.html
- http://www.securityfocus.com/bid/24845
- http://www.securitytracker.com/id?1018347
- http://www.ubuntu.com/usn/usn-574-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35383
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9936