New Linux Kernel Patched
The first Linux kernel of the year gets a point upgrade as work continues on the next version.
Security firm Secunia has rated the three vulnerabilities as ''moderately critical''; the potential impact could be a Denial of Service (DoS) attack against a vulnerable system.
The first vulnerability, CVE-2006-0035, describes a flaw that could trigger an infinite loop that a malicious user could potentially exploit as a DoS attack.
A patch for CVE-2006-0036, the second vulnerability, fixes a crash in ip_nat_pptp.
''When an inbound PPTP_IN_CALL_REQUEST packet is received the PPTP NAT helper uses a NULL pointer in pointer arithmetic to calculate the offset in the packet which needs to be mangled and corrupts random memory or crashes,'' according to the changelog for 18.104.22.168, the latest point release.