Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes made there are reflected immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid the vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 03 / 2007

System: Microsoft Windows
Topic: Vulnerability due to animated Cursor
Links: Microsoft, AL-2007.0038, AU-2007.0010, AU-2007.0011, AU-2007.0012, ISS Alert
ID: ae-200703-054

Microsoft points out possible attacks against Microsoft Windows (including Vista) exploiting a vulnerability in the way Windows handles animated cursor (.ani) files. This might lead to the execution of arbitrary code when a user visits a web site or views a specially crafted E-Mail. A patch will be available at the next patchday. Until then, only trusted sites should be visited and E-Mail should be viewed in plain text format only.

System: Linux
Topic: Vulnerability in Apache 1.3
Links: OpenPKG-SA-2007.011, CVE-2007-1349
ID: ae-200703-053

A vulnerability has been reported in mod_perl, which potentially can be exploited by malicious people to cause a DoS (Denial-of-Service) by sending requests with specially crafted URLs to a vulnerable server. For some systems, a patch is available.

System: Some
Topic: Vulnerability in IBM Lotus Sametime
Links: iDEFENSE #495, ESB-2007.0205
ID: ae-200703-052

The Sametime product is a real-time online conferencing solution. Remote exploitation of an input validation vulnerability in Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component. This ActiveX control is marked safe for scripting and exports a LoadLibrary function that does not properly sanitize input. The IBM Lotus Sametime team has addressed this issue by removing the affected ActiveX control from the current version of their product. Additionally, they have provided hotfixes for older versions.

System: Some
Topic: Vulnerabilities in IBM Lotus Domino
Links: iDEFENSE #493, iDEFENSE #494, CVE-2006-4843, ESB-2007.0203, AL-2007.0036, AL-2007.0037
ID: ae-200703-051

Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted user's browser. The vulnerability specifically exists due to improper HTML filtering of E-Mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. IBM Lotus has addressed this vulnerability in the 6.5.6 and 7.0.2 FP1 releases of Web Access.
Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to cause a Denial-of-Service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16 bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap overflow occurs. IBM Lotus has addressed this vulnerability in the 6.5.6 and 7.0.2 FP1 releases of Domino.

System: Mandriva Linux
Topic: Vulnerabilities in openoffice.org
Links: MDKSA-2007:073, CVE-2007-0238, CVE-2007-0239
ID: ae-200703-050

Several vulnerabilities were found in openoffice.org. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice to crash or possibly execute arbitrary code if the file was opened by a victim. A stack overflow was discovered in the StarCalc parser. Flaws were discovered in the way OpenOffice.org handled hyperlinks. Fixed packages are available now.

System: Cisco
Topic: Vulnerabilities in Cisco Unified CallManager and Cisco Presence Server
Links: Cisco, ESB-2007.0202, R-191
ID: ae-200703-049

Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. Cisco has made free software available to address these vulnerabilities for affected customers.

System: NetBSD
Topic: Vulnerability in iso
Links: NetBSD-SA2007-004, CVE-2007-1677, ESB-2007.0204
ID: ae-200703-048

Due to insufficient length checking in iso(4) it is possible for a local user to cause an overflow, resulting in a local denial of service or local root compromise. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerability in evolution
Links: MDKSA-2007:070, CVE-2007-1002, ESB-2007.0200
ID: ae-200703-047

A format string error in the "write_html()" function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in nas
Links: DSA-1273, CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547, ESB-2007.0201, R-190
ID: ae-200703-046

A number of problems were discovered with the nas (Network Audio System) daemon that could be used to crash nasd. Fixed packages are available now.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in gnupg, seamonkey, and wireshark
Links: SGI_20070301-01
ID: ae-200703-045

SGI has released Security Update #72 for SGI Advanced Linux Environment 3. This update fixes already known security-related problems in gnupg, seamonkey, and wireshark.
Installing this update is therefore recommended.

System: Various
Topic: Vulnerability in DataRescue IDA Pro
Links: iDefense, ESB-2007.0197
ID: ae-200703-044

Remote exploitation of a password bypass vulnerability in DataRescue Inc.'s IDA Pro Remote Debugger Server allows attackers to execute arbitrary code under the context of the user who is running the remote debugger server. Fixed software is available now.

System: Various
Topic: Vulnerability in Sun Java System Directory Server
Links: Sun Alert 102853, iDefense, CVE-2006-4175, ESB-2007.0196
ID: ae-200703-043

Sun Java System Directory Server is an LDAP server distributed by Sun with multiple products. Remote exploitation of a design error vulnerability in Sun Microsystems Inc.'s Java System Directory Server 5.2 may cause a denial of service (DoS) condition. Fixed software is not available yet.

System: Various
Topic: Vulnerability in file
Links: CVE-2007-1536, VU#606700, MDKSA-2007:067, RHSA-2007-0124, ESB-2007.0194, DSA-1274, ESB-2007.0209
ID: ae-200703-042

An integer underflow in the file_printf() function in 'file' allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in InterActual Player SyscheckObject ActiveX
Links: VU#922969, CVE-2007-0348, R-188
ID: ae-200703-041

InterActual Player provides multiple ActiveX controls that are vulnerable to buffer overflows. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. A patch is not available yet.

System: Microsoft Windows
Topic: Vulnerabilities in CA BrightStor ARCserve Backup
Links: CA, CVE-2006-6076, CVE-2007-0816, CVE-2007-1447, CVE-2007-1448, R-185
ID: ae-200703-040

Several vulnerabilities were found in CA BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. A patch is available now.

System: Mandriva Linux
Topic: Vulnerabilities in squid and inkscape
Links: MDKSA-2007:068, CVE-2007-1560, ESB-2007.0199, MDKSA-2007:069, CVE-2007-1463
ID: ae-200703-039

Due to an internal error, Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.
A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in tcpdump
Links: DSA-1272, CVE-2007-1218, ESB-2007.0193, R-189
ID: ae-200703-038

An off-by-one buffer overflow was discovered in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in openoffice.org
Links: RHSA-2007-0033, RHSA-2007-0069, CVE-2007-0238, CVE-2007-0239, CVE-2007-1466, ESB-2007.0191, ESB-2007.0192, R-187
ID: ae-200703-037

Several vulnerabilities were found in openoffice.org. Several overflow bugs were found in libwpd, which is used by OpenOffice. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice to crash or possibly execute arbitrary code if the file was opened by a victim. A stack overflow was discovered in the StarCalc parser. Flaws were discovered in the way OpenOffice.org handled hyperlinks. Fixed packages are available now.

System: Cisco IP Phone
Topic: Vulnerability in Cisco IP Phone
Links: Cisco, ESB-2007.0190
ID: ae-200703-036

Cisco IP Phone 7940/7960 SIP firmware version 7.4(0) is vulnerable to a denial of service attack by a malicious SIP INVITE. Firmware version 8.6(0) is not vulnerable to this issue.

System: Turbolinux
Topic: Vulnerabilities in kdelibs and php
Links: TLSA-2007-19, CVE-2007-0537, TLSA-2007-20, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
ID: ae-200703-035

A vulnerability was found in KHTML, a component of the 'kdelibs' package. It allows remote attackers to conduct cross-site scripting (XSS) attacks.
Multiple vulnerabilities (buffer overflows, buffer underflow, format string) exist in php. These vulnerabilities may allow remote attackers to execute arbitrary code via crafted data.
Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in nas
Links: MDKSA-2007:065, CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
ID: ae-200703-034

A number of problems were discovered with the nas (Network Audio System) daemon that could be used to crash nasd. Fixed packages are available now.

System: Various
Topic: Vulnerability in OpenAFS
Links: CVE-2007-1507, DSA-1271, ESB-2007.0189, R-183, MDKSA-2007:066
ID: ae-200703-033

By default, OpenAFS supports setuid programs within the local cell, which could allow attackers to obtain privileges. Fixed software is available now.

System: Mac OS X
Topic: Vulnerability in iPhoto
Links: Apple, ESB-2007.0177
ID: ae-200703-032

A format string vulnerability exists in iPhoto. Subscribing to a maliciously-crafted photocast may lead to arbitrary code execution. An update is available now.

System: SUSE Linux
Topic: Vulnerabilities in kernel
Links: SUSE-SA:2007:021, CVE-2006-2936, CVE-2006-5749, CVE-2006-5751, CVE-2006-5753, CVE-2006-6106, CVE-2007-0006, CVE-2007-0772
ID: ae-200703-031

Several vulnerabilities were discovered in the Linux 2.6 kernel. Fixed kernel packages are available now.

System: Debian GNU/Linux
Topic: Vulnerability in lookup-el
Links: DSA-1269, CVE-2007-0237, ESB-2007.0187, R-186
ID: ae-200703-030

It was discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in libwpd and OpenOffice.org
Links: iDefense, CVE-2007-0002, CVE-2007-1466, DSA-1268, ESB-2007.0179, R-184, DSA-1270, ESB-2007.0188, MDKSA-2007:063, MDKSA-2007:064, RHSA-2007-0055, ESB-2007.0185, SUSE-SA:2007:023
ID: ae-200703-029

Several overflow bugs were found in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. A patch is available now.

System: Various
Topic: Vulnerability in Sun Java System Web Server
Links: Sun Alert #102822, R-179
ID: ae-200703-028

A security vulnerability in the Sun Java System Web Server may allow a local or remote user to gain unauthorized access to certain web server instances. A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerability in webcalendar
Links: DSA-1267, CVE-2007-1343, ESB-2007.0173
ID: ae-200703-027

It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Trend Micro AntiVirus Engine
Links: iDefense, ESB-2007.0172
ID: ae-200703-026

Remote exploitation of a divide by zero error in Trend Micro AntiVirus may allow attackers to cause a denial of service. The vulnerability exists in the kernel driver, VsapiNT.sys. A patch is available now.

System: Mac OS X
Topic: Apple Security Update 2007-003
Links: APPLE-SA-2007-03-15, ESB-2007.0159, R-176
ID: ae-200703-025

Several security issues in ColorSync, CoreGraphics, Crash Reporter, CUPS, Disk Images, DS Plug-Ins, Flash Player, GNU Tar, HFS, HID Family, ImageIO, Kernel, MySQL Server, Networking, OpenSSH, Printing, QuickDraw Manager, servermgrd, SMB File Server, Software Update, sudo, and WebLog are fixed and bundled in the Security Update 2007-003, which is available now.

System: OpenBSD
Topic: Vulnerability in IPv6
Links: CVE-2007-1365, VU#986425, AL-2007.0034
ID: ae-200703-024

A vulnerability in the ICMP6 handling of the OpenBSD Kernel may allow remote compromise. A patch is available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Red Hat Enterprise Linux 5
Links: RHSA-2007-0057, RHSA-2007-0061, RHSA-2007-0066, RHSA-2007-0068, RHSA-2007-0075, RHSA-2007-0082, RHSA-2007-0087, RHSA-2007-0097, RHSA-2007-0099, RHSA-2007-0107, RHSA-2007-0108, RHSA-2007-0114
ID: ae-200703-023

Several vulnerabilities were found in the newly released Red Hat Enterprise Linux 5. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in wireshark
Links: RHSA-2007-0066, CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459, ESB-2007.0162
ID: ae-200703-022

Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. Fixed packages are available now.

System: Various
Topic: Vulnerability in Java Dynamic Management Kit
Links: Sun Alert #102835, ESB-2007.0157
ID: ae-200703-021

A security vulnerability in the JMX RMI-IIOP API may allow a local user who is able to create a JMX RMI-IIOP server application to gain unauthorized access to certain local data if a remote user who has privileges to access that data connects to that server application. Fixed software is available now.

System: HP-UX
Topic: Vulnerabilities in Java Runtime Environment and Java Developer Kit
Links: HPSBUX02196, SSRT07138, CVE-2006-6731, CVE-2006-6745, CVE-2007-0243, R-174
ID: ae-200703-020

The Sun Java Runtime Environment (JRE) and Java Developer Kit (JDK) contain multiple vulnerabilities that can allow a remote, unauthenticated user to execute arbitrary code on a vulnerable system. HP has made an updated package available.

System: Sun Fire X2100M2 / 2200M2
Topic: Vulnerability in ipmitool
Links: Sun Alert #102828, ESB-2007.0156, R-175
ID: ae-200703-019

A security vulnerability in the ipmitool(1m) utility may allow an unprivileged user to gain unauthorized administrative privileges and then be able to reset or power off a local or remote SunFire X2100M2 or SunFire X2200M2 server. Fixed firmware is available now.

System: NetBSD
Topic: Vulnerabilities in kernel, xserver, and BIND
Links: NetBSD-SA2007-001, CVE-2007-1273, ESB-2007.0152, NetBSD-SA2007-002, CVE-2006-6101, CVE-2006-6102, CVE-2006-6103, ESB-2007.0153, NetBSD-SA2007-003, CVE-2007-0493, CVE-2007-0494, ESB-2007.0154
ID: ae-200703-018

Due to insufficient length checking in ktruser() as used by FreeBSD and Darwin compatibility code, it is possible for a user to cause an integer overflow, resulting in a local denial of service and potentially local root compromise. Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in kdelibs, mplayer, xine-lib, tcpdump, and ekiga
Links: MDKSA-2007:054, CVE-2007-1308, MDKSA-2007:055, MDKSA-2007:057, MDKSA-2007:061, MDKSA-2007:062, CVE-2007-1246, CVE-2007-1387, MDKSA-2007:056, CVE-2007-1218, MDKSA-2007:058, CVE-2007-0999
ID: ae-200703-017

Several security vulnerabilities were found in kdelibs, mplayer, xine-lib, tcpdump, and ekiga. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Explorer
Links: VU#194944, ESB-2007.0149
ID: ae-200703-016

Microsoft Windows Explorer fails to properly handle malformed Office documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as crashing Windows Explorer. A patch is not available yet.

System: Various
Topic: Vulnerability in Novell Netmail WebAdmin
Links: VU#919369, CVE-2007-1350, ESB-2007.0150, R-173
ID: ae-200703-015

Novell NetMail contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in php4
Links: DSA-1264, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988, ESB-2007.0151
ID: ae-200703-014

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. Fixed packages are available now.

System: Various
Topic: Vulnerability in Asterisk
Links: VU#228032, ESB-2007.0143
ID: ae-200703-013

Asterisk contains an unspecified vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition on a vulnerable system. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerability in util-linux
Links: MDKSA-2007:053, CVE-2007-0822
ID: ae-200703-012

Umount allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. Fixed packages are available now.

System: HP-UX
Topic: Vulnerability in HP-UX Software Distributor
Links: HPSBUX02195, SSRT061237, ESB-2007.0144
ID: ae-200703-011

A potential security vulnerability has been identified with the version of GZIP delivered by HP-UX Software Distributor (SD). The vulnerability could be remotely exploited leading to a Denial of Service (DoS). HP has made an updated package available.

System: Various
Topic: Vulnerabilities in QuickTime and iTunes
Links: CVE-2007-0711, CVE-2007-0712, CVE-2007-0713, CVE-2007-0714, CVE-2007-0715, CVE-2007-0716, CVE-2007-0717, CVE-2007-0718, VU#313225, VU#410993, VU#448745, VU#568689, VU#642433, VU#822481, VU#861817, VU#880561, iDefense, AL-2007.0031, R-171
ID: ae-200703-010

QuickTime contains vulnerabilities in the handling of five different media formats, potentially allowing a remote attacker to compromise the computer when the user visits a malicious web page or opens malicious files. Since QuickTime is supplied as a component of Apple iTunes, iTunes installations are also affected by these vulnerabilities. Fixed software is available now.

System: Various
Topic: Vulnerability in GnuPG
Links: GnuPG, Core Security, CVE-2007-1263, CVE-2007-1264, CVE-2007-1265, CVE-2007-1266, CVE-2007-1267, CVE-2007-1268, CVE-2007-1269, ESB-2007.0143, RHSA-2007-0106, ESB-2007.0145, R-172, MDKSA-2007:059, DSA-1266, ESB-2007.0158, ESB-2007.0176
ID: ae-200703-009

Scripts and applications using GnuPG are prone to a vulnerability in how signature verification information is shown to the end user. An attacker is able to add arbitrary content to a signed message. The receiver of the message (using a mail client such as Enigmail to read the message) will not be able to distinguish the forged and the properly signed parts of the message. Affected products include GnuPG, GPGME, Enigmail, KMail, Evolution, Sylpheed, Mutt, and GNUMail. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in mod_jk
Links: RHSA-2007-0096, CVE-2007-0774, AL-2007.0030
ID: ae-200703-008

mod_jk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTTP Server 2. A stack overflow flaw was found in the URI handler of mod_jk. A remote attacker could visit a carefully crafted URL being handled by mod_jk and trigger this flaw, which could lead to the execution of arbitrary code as the 'apache' user. Fixed packages are available now.

System: Various
Topic: Vulnerability in EMC NetWorker Management Console
Links: VU#875633, ESB-2007.0140, R-170, AL-2007.0032
ID: ae-200703-007

A vulnerability in the authentication mechanism used by the Legato NetWorker Management Console may allow an attacker to execute arbitrary commands. A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in Citrix Presentation Server Client
Links: VU#798364, R-168
ID: ae-200703-006

The Citrix Presentation Server Client for Windows includes support for making ICA connections through proxy servers. An implementation flaw in this functionality may allow an attacker to execute arbitrary code in the context of the client process. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerability in gnomemeeting
Links: DSA-1262, CVE-2007-1007, ESB-2007.0142
ID: ae-200703-005

It was discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code. Fixed packages are available now.

System: Various
Topic: Vulnerability in Symantec Mail Security for SMTP
Links: VU#875633, ESB-2007.0140, R-170
ID: ae-200703-004

Symantec Mail Security for SMTP contains a vulnerability that occurs when processing mail messages with malformed headers. This may allow a remote, unauthenticated attacker to execute arbitrary code or create a denial of service condition. A patch is available now.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in seamonkey
Links: SGI_20070202-01
ID: ae-200703-003

SGI has released Security Update #71 for SGI Advanced Linux Environment 3. This update fixes already known security-related problems in seamonkey.
Installing this update is therefore recommended.

System: Cisco Catalyst
Topic: Vulnerability in Cisco Network Analysis Module
Links: Cisco, VU#472412, ESB-2007.0136, R-166
ID: ae-200703-002

Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS). Cisco has made free software available to address this vulnerability.

System: SUSE Linux
Topic: Vulnerabilities in kernel
Links: SUSE-SA:2007:018, CVE-2006-2936, CVE-2006-4814, CVE-2006-5749, CVE-2006-5753, CVE-2006-6106, CVE-2007-0772
ID: ae-200703-001

Several vulnerabilities were discovered in the Linux 2.6 kernel. Fixed kernel packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH