kernel

• Author: vmiklos
• Vulnerable: 2.6.20-5terminus7
• Unaffected: 2.6.20-5terminus8

Security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

1. The USBLCD driver does not limit the memory consumption during writes to the device. This can be exploited to cause an out-of-memory condition by writing a large amount of data to an affected device. Successful exploitation requires write access to a device using the driver.
2. A vulnerability is caused due to an error within the “decode_choice()” function in net/netfilter/bf_conntrack_h323_asn1.c when handling choices that are still encoded in the fixed-size bitfield. This can be exploited to cause access to undefined types, resulting in a crash.

• Bug Tracker URL: http://bugs.frugalware.org/task/2235

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3107