The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IPv6: vulnerabilities of IPv6 Routing Header

Synthesis of the vulnerability 

An attacker can send IPv6 packets in order to generate a denial of service or to obtain information.
Impacted systems: IOS by Cisco, Cisco Router, Fedora, FreeBSD, Juniper J-Series, Junos OS, Linux, Mandriva Linux, Mandriva NF, NetBSD, netfilter, OpenBSD, openSUSE, IP protocol, RHEL, SLES.
Severity of this alert: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 24/04/2007.
Références of this alert: BID-23615, CERTA-2007-AVI-389, CVE-2007-2242, FEDORA-2007-482, FEDORA-2007-483, FreeBSD-SA-07:03.ipv6, MDKSA-2007:171, MDKSA-2007:196, MDKSA-2007:216, NetBSD-SA2007-005, RHSA-2007:0347-01, SUSE-SA:2007:051, SUSE-SA:2008:006, VIGILANCE-VUL-6761, VU#267289.

Description of the vulnerability 

The IPv6 protocol defines optional headers: Hop-by-Hop, Routing, Fragment, etc. The Routing header can have several types:
 - 0 : source route (RFC 2460)
 - 1 : Nimrod
 - 2 : mobility (RFC 3775)
Type 0 permits to define routers to traverse, which leads to several vulnerabilities.

By sending packets with a short Hop Limit (TTL) (like traceroute) and indicating parallel routers, an attacker can discover targeted network topology. [severity:3/4]

An attacker can bounce on internal network, if firewall does not correctly filter Routing headers. [severity:3/4]

An attacker can create a packet indicating to go through:
 - router1, then
 - router2, then
 - router1, then
 - router2, then
 - etc. (loop of forty hosts)
This packet thus loops 40 times on the network, which generates a denial of service. [severity:3/4]

Previous denial of service can be amplified using IPv4-IPv6 relays, because going though IPv6-IPv4-IPv4-...-IPv4-IPv6 routers decrements IPv4 TTL N times, whereas IPv6 Hop Limit is only decremented once. [severity:3/4]

A loop between two routers can be seen as an electronic capacity, because it delays the reception of packet by the final computer. An attacker can therefore:
 - send 1000 SYN packets with a "delay" of 500ms
 - send 1000 SYN packets with a delay of 400ms
 - send 1000 SYN packets with a delay of 300ms
 - send 1000 SYN packets with a delay of 200ms
 - send 1000 SYN packets with a delay of 100ms
 - send 1000 SYN packets without delay
The destination computer will thus receive 6000 packets in 100ms, whereas attacker can only send 1000 packets in 100ms. [severity:3/4]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat impacts software or systems such as IOS by Cisco, Cisco Router, Fedora, FreeBSD, Juniper J-Series, Junos OS, Linux, Mandriva Linux, Mandriva NF, NetBSD, netfilter, OpenBSD, openSUSE, IP protocol, RHEL, SLES.

Our Vigil@nce team determined that the severity of this computer threat is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 5 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this cybersecurity bulletin.

Solutions for this threat 

Cisco, Netfilter, ipf: filtering IPv6 Routing Header.
It is recommended to filter IPv6 Routing type 0 headers:
 - Cisco IOS
    no ipv6 source-route
    deny ipv6 any any routing
 - Netfilter
    ip6tables -A INPUT -m rt --rt-type 0 -j DROP
 - ipf
    block in proto udp from any to any with v6hdrs routing

OpenBSD: patch for IPv6 Routing Header.
A patch is available:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/022_route6.patch
This patch deactivate Routing Header of type 0.

Linux kernel: version 2.6.21.1.
Version 2.6.21.1 is corrected:
  http://www.kernel.org/

Linux kernel: version 2.6.21.
Version 2.6.21 is corrected:
  http://www.kernel.org/

Linux kernel: version 2.6.20.10.
Version 2.6.20.10 is corrected:
  http://www.kernel.org/

Linux kernel: version 2.6.20.9.
Version 2.6.20.9 is corrected:
  http://www.kernel.org/

Linux kernel: version 2.6.16.50.
Version 2.6.16.50 is corrected:
  http://www.kernel.org/

JUNOS: workaround for IPv6 Type 0 Routing Headers.
A workaround is to use following filter:
firewall {
  family inet6 {
    filter filter_v6_rh {
      term 0 {
        from {
         next-header [hop-by-hop routing];
        }
        then {
         discard;
        }
      }
    }
  }
}

Fedora Core 5: new kernel packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
97806c41e24ad5f0841f0b624ee6b4925b2da41f SRPMS/kernel-2.6.20-1.2316.fc5.src.rpm
97806c41e24ad5f0841f0b624ee6b4925b2da41f noarch/kernel-2.6.20-1.2316.fc5.src.rpm
c7cb7b3b00c2a2a916aab87cfb6802d34d2752e1 ppc/kernel-2.6.20-1.2316.fc5.ppc.rpm
b5fc5ae0fc72b8fb475a0bc2bdb9fb11322fa97c ppc/kernel-devel-2.6.20-1.2316.fc5.ppc.rpm
b28e85937f3bc45d98f1d6200e01aa6300537486 ppc/kernel-smp-2.6.20-1.2316.fc5.ppc.rpm
a345490da6e648e94b428c3360d6e0f1a5f7cb18 ppc/kernel-smp-devel-2.6.20-1.2316.fc5.ppc.rpm
4e3bafed909be1a18b372d2aa83757730046f472 ppc/debug/kernel-debuginfo-2.6.20-1.2316.fc5.ppc.rpm
27a29cd18f552b542169ff036b84fa12ec56c45b ppc/kernel-doc-2.6.20-1.2316.fc5.noarch.rpm
fdf15268b80a1a25d34819f37ecf829c6a0fd9e6 x86_64/kernel-debug-devel-2.6.20-1.2316.fc5.x86_64.rpm
92b3197a0ae0b71cc4f3a9f2c98858dff6aaf0b5 x86_64/kernel-kdump-devel-2.6.20-1.2316.fc5.x86_64.rpm
d3f8ca8af1b85fc0477e42b3ba7d7ce4fbd2e38b x86_64/kernel-xen0-devel-2.6.20-1.2316.fc5.x86_64.rpm
54d208f675fd1c59ce5790608f16afb9bc81cb1c x86_64/kernel-xenU-2.6.20-1.2316.fc5.x86_64.rpm
1a6b898df00b1bfd7401d4f2cfe077231af93188 x86_64/kernel-xen-2.6.20-1.2316.fc5.x86_64.rpm
133b18e09ecfab0f2ab24e4ab4bce785226455fe x86_64/kernel-devel-2.6.20-1.2316.fc5.x86_64.rpm
2010ec3eb93b93f768558d2462ccc76644f21339 x86_64/kernel-debug-2.6.20-1.2316.fc5.x86_64.rpm
e68335d29bf537fca1dcd9c00f3027047f10410d x86_64/debug/kernel-debuginfo-2.6.20-1.2316.fc5.x86_64.rpm
75e2667d1b274f2a2f2778634337661887c74c57 x86_64/kernel-2.6.20-1.2316.fc5.x86_64.rpm
12cacdc0eac7c3de7c96b97b4c0cfa46a9f98052 x86_64/kernel-xenU-devel-2.6.20-1.2316.fc5.x86_64.rpm
ff4abf5bb6e063590ef2322779b6b5abd5ee8ee4 x86_64/kernel-xen0-2.6.20-1.2316.fc5.x86_64.rpm
d4e2b09f7d17f9fbaa253f4ffec5b28642ed8a31 x86_64/kernel-kdump-2.6.20-1.2316.fc5.x86_64.rpm
0bdda26baffc137519cd4ff0e53154b0ffe0759f x86_64/kernel-xen-devel-2.6.20-1.2316.fc5.x86_64.rpm
27a29cd18f552b542169ff036b84fa12ec56c45b x86_64/kernel-doc-2.6.20-1.2316.fc5.noarch.rpm
087dfe44e6c1c00522f0c52f5212f6b1bd4bc3d8 i386/debug/kernel-debuginfo-2.6.20-1.2316.fc5.i386.rpm
c327360e94f53ed1500312fc3fe113ee7456ac94 i386/kernel-smp-devel-2.6.20-1.2316.fc5.i586.rpm
9e02ae0a69688c8304ab580d820292984e764055 i386/kernel-smp-2.6.20-1.2316.fc5.i586.rpm
c54ee4ee85d3febb8a96b4dbd60f885741a55f38 i386/debug/kernel-debuginfo-2.6.20-1.2316.fc5.i586.rpm
26873ae86d70b8c769672679738adb3a9bd4d27e i386/kernel-devel-2.6.20-1.2316.fc5.i586.rpm
b4746bd15eb5dde17a877fe420c5b91b29d00606 i386/kernel-2.6.20-1.2316.fc5.i586.rpm
67ffc9911d025a8592e8a4cf27b467873a08c948 i386/kernel-smp-devel-2.6.20-1.2316.fc5.i686.rpm
b2d79cdc68e15a8c14f2996e96b26df4ccec0f44 i386/kernel-kdump-devel-2.6.20-1.2316.fc5.i686.rpm
72bdb2687482eae575cb5bddb95f27a719978dc0 i386/kernel-debug-2.6.20-1.2316.fc5.i686.rpm
e022d35519b41c33cb3536b8f2eb74b9e2935f8e i386/kernel-xen0-devel-2.6.20-1.2316.fc5.i686.rpm
fdaa6763f15cb8b0085f471fb8937360d08de46c i386/kernel-smp-2.6.20-1.2316.fc5.i686.rpm
1257b32ab584fa168b70fd746f543ff973756123 i386/kernel-xenU-2.6.20-1.2316.fc5.i686.rpm
51ca5a5387f5ff567a59ed96e7b06800631f3884 i386/kernel-devel-2.6.20-1.2316.fc5.i686.rpm
0bb9e4b15dbe6c9c01f22c59a686823fb955b010 i386/kernel-xen0-2.6.20-1.2316.fc5.i686.rpm
a1e116f30fb24195044fc6be66e00f57fa7cd174 i386/kernel-xen-devel-2.6.20-1.2316.fc5.i686.rpm
78add5c32b9ad93c8edccdc2a0bd416d62d2a3ba i386/kernel-smp-debug-2.6.20-1.2316.fc5.i686.rpm
0002f762cadd14ba589f1219d3b03c94753b50db i386/kernel-kdump-2.6.20-1.2316.fc5.i686.rpm
cdf934a5bd256d9a35f7c240777f7c72a31d7825 i386/kernel-2.6.20-1.2316.fc5.i686.rpm
50e3720f58b87d8f0072886f671931490e8400b7 i386/kernel-xenU-devel-2.6.20-1.2316.fc5.i686.rpm
16a0a84ba382102c354a0f2af9400844cc9d3a00 i386/debug/kernel-debuginfo-2.6.20-1.2316.fc5.i686.rpm
66b25e1510bb763ccc83326346914ab6fa61adcd i386/kernel-debug-devel-2.6.20-1.2316.fc5.i686.rpm
1e73476948ecab8fb81e7363fa2207338e3db187 i386/kernel-smp-debug-devel-2.6.20-1.2316.fc5.i686.rpm
5d53b71b8c482ab9489d7af0667121cb5eaf753e i386/kernel-xen-2.6.20-1.2316.fc5.i686.rpm
27a29cd18f552b542169ff036b84fa12ec56c45b i386/kernel-doc-2.6.20-1.2316.fc5.noarch.rpm

Fedora Core 6: new kernel packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
2c313004a95279288302ae50d9edef7bc4f8f4c1 SRPMS/kernel-2.6.20-1.2948.fc6.src.rpm
2c313004a95279288302ae50d9edef7bc4f8f4c1 noarch/kernel-2.6.20-1.2948.fc6.src.rpm
1092530ec19eaedbf88148c4766626ae461ed4d2 ppc/kernel-2.6.20-1.2948.fc6.ppc.rpm
40c7413985a5acc13cd35e918c4c91874f2b3688 ppc/debug/kernel-debuginfo-2.6.20-1.2948.fc6.ppc.rpm
bceff13b72b8af0c443edaaefcb3fcb11a5cefb1 ppc/kernel-smp-2.6.20-1.2948.fc6.ppc.rpm
da2ed8724dd5cd55655019ddbe24b20d08778ee7 ppc/kernel-headers-2.6.20-1.2948.fc6.ppc.rpm
34b12492ce4580a69c92c276d79fc3d1b6d20822 ppc/debug/kernel-debuginfo-common-2.6.20-1.2948.fc6.ppc.rpm
435ff251353c4757bcbbe97f7b980ad8905f2d8a ppc/kernel-smp-devel-2.6.20-1.2948.fc6.ppc.rpm
afde0bf2b099546b9a497aa536bb86be00b91aca ppc/debug/kernel-smp-debuginfo-2.6.20-1.2948.fc6.ppc.rpm
2acaf6f6658b4d4b48fcc4f7a67ca2ca34fc494f ppc/kernel-devel-2.6.20-1.2948.fc6.ppc.rpm
fbc27a9ad709b93ad37a3c85ddc2377e04906fb5 ppc/kernel-doc-2.6.20-1.2948.fc6.noarch.rpm
38cf76c6adb2620e237b92e8512c78ccaae130a4 x86_64/debug/kernel-debug-debuginfo-2.6.20-1.2948.fc6.x86_64.rpm
cc1d2f7f3e519fd0fabb3c143a382badec1fd5aa x86_64/kernel-kdump-devel-2.6.20-1.2948.fc6.x86_64.rpm
21e0024bb08c429c1717e008e7390bd982813f84 x86_64/kernel-debug-2.6.20-1.2948.fc6.x86_64.rpm
7f6fdb279febb073d66697dfbbfa7d0cd46407dc x86_64/kernel-xen-devel-2.6.20-1.2948.fc6.x86_64.rpm
98ff650b393af47ad3623dce296c4124035ca203 x86_64/debug/kernel-debuginfo-2.6.20-1.2948.fc6.x86_64.rpm
47dfe0bb5050e17b9c6d2b7c3d7b9e21ec1f41d5 x86_64/kernel-kdump-2.6.20-1.2948.fc6.x86_64.rpm
14af63a263e8a736514fa945bfb21cca7a167602 x86_64/kernel-devel-2.6.20-1.2948.fc6.x86_64.rpm
ae5272b7f99084fcfcc648dfe8f39fdcd1c66e6a x86_64/kernel-headers-2.6.20-1.2948.fc6.x86_64.rpm
a6663f7b7fe404a5cc7989dc638784f41b04df12 x86_64/debug/kernel-xen-debuginfo-2.6.20-1.2948.fc6.x86_64.rpm
8825f3d0fe5c8dbfa6400f3bcea82b0f4190d98b x86_64/debug/kernel-debuginfo-common-2.6.20-1.2948.fc6.x86_64.rpm
b09cfbb9e2523960a49033e482fde9e7a3460039 x86_64/kernel-xen-2.6.20-1.2948.fc6.x86_64.rpm
30cea7f04e316599bf28db6bfc01c4dc847daf77 x86_64/kernel-debug-devel-2.6.20-1.2948.fc6.x86_64.rpm
4a4c94bdd6590a71c4228a6b298889ddb268900c x86_64/kernel-2.6.20-1.2948.fc6.x86_64.rpm
ac3061d9518237af28c73cdc6f606fd22e2ae361 x86_64/debug/kernel-kdump-debuginfo-2.6.20-1.2948.fc6.x86_64.rpm
fbc27a9ad709b93ad37a3c85ddc2377e04906fb5 x86_64/kernel-doc-2.6.20-1.2948.fc6.noarch.rpm
e671bf57cd4c654121cb4e79a4f634d9123dd82a i386/kernel-headers-2.6.20-1.2948.fc6.i386.rpm
116dfe99253927d4923a4554402416544d96dac5 i386/debug/kernel-debuginfo-2.6.20-1.2948.fc6.i586.rpm
97037b6e364ab40e9b722eecd66383c24808f103 i386/debug/kernel-debuginfo-common-2.6.20-1.2948.fc6.i586.rpm
bda5bf81c2a912d05f2f40bac633ab27987acfe7 i386/kernel-devel-2.6.20-1.2948.fc6.i586.rpm
ee459232f4a3b6f6e32bbbca5bfbcd33ab7e4a01 i386/kernel-2.6.20-1.2948.fc6.i586.rpm
0285bb1eefb44431eae28cfda5f91ab77aa2d1c1 i386/kernel-xen-devel-2.6.20-1.2948.fc6.i686.rpm
c6f35a973a2d98f6ddc222b3ecfea81bfc4b0b80 i386/kernel-PAE-debug-2.6.20-1.2948.fc6.i686.rpm
946c407ad7a4f376cacc060a73520212474c50f8 i386/kernel-kdump-devel-2.6.20-1.2948.fc6.i686.rpm
787111528dd5ba1ffcebb6e614682b652dbcccf8 i386/debug/kernel-debuginfo-2.6.20-1.2948.fc6.i686.rpm
7a62100b3a673a9707cb6c9fc599da0ffd68511c i386/debug/kernel-PAE-debug-debuginfo-2.6.20-1.2948.fc6.i686.rpm
9906efe64769981c6de95656e7b893dbfe5a22da i386/debug/kernel-debuginfo-common-2.6.20-1.2948.fc6.i686.rpm
b31dc44e24c7fdd50c1ccaf82c893697199b4fae i386/debug/kernel-debug-debuginfo-2.6.20-1.2948.fc6.i686.rpm
2df6c5bcf7a9f13e634a61b57ff046b7ed8b7b45 i386/kernel-kdump-2.6.20-1.2948.fc6.i686.rpm
6c1a0c326217b10bfbf580b8cde5b7f0a6b751cc i386/kernel-debug-devel-2.6.20-1.2948.fc6.i686.rpm
952e2426afe2f78e213981ff37d5dba2bf36f826 i386/kernel-PAE-2.6.20-1.2948.fc6.i686.rpm
68cbc78649e1cf3cb4537d07d26234e57f79eccd i386/debug/kernel-xen-debuginfo-2.6.20-1.2948.fc6.i686.rpm
63e77712383b5d082296b5b823c645f3d0961b59 i386/kernel-PAE-devel-2.6.20-1.2948.fc6.i686.rpm
3fff68facae5a5ba1e10715cc9c0106f761d983e i386/kernel-devel-2.6.20-1.2948.fc6.i686.rpm
87a1c37c12d86f9c1ce2b878671d098ec59f8b84 i386/kernel-2.6.20-1.2948.fc6.i686.rpm
409c9674de340e6ae1525c786e53fc83c68237e1 i386/debug/kernel-PAE-debuginfo-2.6.20-1.2948.fc6.i686.rpm
7ad652efa98573d12da256c996f8056cd4c7057f i386/debug/kernel-kdump-debuginfo-2.6.20-1.2948.fc6.i686.rpm
021d4b336ecb30a25fc1463c2df45729b3fa2815 i386/kernel-debug-2.6.20-1.2948.fc6.i686.rpm
8ca0d5f7cb375925ed8236f0f02e642745fc3b9b i386/kernel-PAE-debug-devel-2.6.20-1.2948.fc6.i686.rpm
422b868a55b6a23a4f52df5a92d14af983793712 i386/kernel-xen-2.6.20-1.2948.fc6.i686.rpm
fbc27a9ad709b93ad37a3c85ddc2377e04906fb5 i386/kernel-doc-2.6.20-1.2948.fc6.noarch.rpm

FreeBSD: patch for IPv6.
A patch deactivating type 0 is available:
# fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch
# fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc

Mandriva 2007.0, 2007.1: new kernel packages.
New packages are available:
 Mandriva Linux 2007.0:
 d811181ab766c637c1f2c66d6e87e8d6 2007.0/i586/kernel-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 1085a0bf3e633334fc89c193d40520c5 2007.0/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 b192fa1b91318b4f821fcd1e9f76a03e 2007.0/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 54e08cecf37cacbfc490ae4a3eb803ba 2007.0/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 60eb7f61d0f91da0396ceb8cc0528a0b 2007.0/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 48bbb8ff51313a61e85562f3f5036832 2007.0/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 d6464e0a4512ae194a884a73d6196fc7 2007.0/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 4264a6f084147f6f401b5320689eab89 2007.0/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.i586.rpm
 d6845e3410f8f468b2c1e30ce2a4c4de 2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 16c9da0d48ebe6391382921c10ccac97 2007.0/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
 56f44a046c471d98d6778153cdee7a80 2007.0/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
 dea95558e0ada5af5f05abbc0c79aaca 2007.0/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
 de1f522536c1b6615b30269f6824ba18 2007.0/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
 6001c99297c562f99c827ee123d9379c 2007.0/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
 7534d9a0b31ad88e5191d94dcede38f9 2007.0/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm
 d6845e3410f8f468b2c1e30ce2a4c4de 2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm
 Mandriva Linux 2007.1:
 7ecc4ad79ff8ba1f28d440aae4bae1e0 2007.1/i586/kernel-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 490f409ed0f979718b4491c79e90ca51 2007.1/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 eb01284da75d113ca144c75bdbf7bbd7 2007.1/i586/kernel-doc-latest-2.6.17-15mdv.i586.rpm
 f62258545c302e8bd6333fb1b22fdd1c 2007.1/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 d22574eaff9ffc7c66a1504bc8f5072e 2007.1/i586/kernel-enterprise-latest-2.6.17-15mdv.i586.rpm
 6721155375ef23a8d7fc6f005acb271e 2007.1/i586/kernel-latest-2.6.17-15mdv.i586.rpm
 93ec8479cf3b047f1d7b4a209641defe 2007.1/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 a2036553e6c5688c2d98041d7f784c96 2007.1/i586/kernel-legacy-latest-2.6.17-15mdv.i586.rpm
 718543542ed69def4d941d9abf51913c 2007.1/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 e808ecec927f34cd276eb0b8d40ae6a8 2007.1/i586/kernel-source-latest-2.6.17-15mdv.i586.rpm
 dfca6b82dc93cf8f8a1042c95e45c279 2007.1/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 a289ed33d6e597e7ddaab03fb7c7d726 2007.1/i586/kernel-source-stripped-latest-2.6.17-15mdv.i586.rpm
 d7302d839d738503b4fb79e187a7144c 2007.1/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 09cdb36a943e21a6e26a34879e8a7b94 2007.1/i586/kernel-xen0-latest-2.6.17-15mdv.i586.rpm
 baf363280921a090134bbe9e8e646f10 2007.1/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.i586.rpm
 90317de9412ace8f3f5d2d29dde72977 2007.1/i586/kernel-xenU-latest-2.6.17-15mdv.i586.rpm
 364e7f83e4948ba15c894b4da4642161 2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm
 Mandriva Linux 2007.1/X86_64:
 4b0a0e1ccbd82e9130243af1bf0a8848 2007.1/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
 ef962dd6f6c5c6c0a88bf340701f6ba9 2007.1/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
 2611fb6d342c0c57e68199ae9cff1aad 2007.1/x86_64/kernel-doc-latest-2.6.17-15mdv.x86_64.rpm
 002d07f36a0caf770b4e9be713421c1e 2007.1/x86_64/kernel-latest-2.6.17-15mdv.x86_64.rpm
 01a245502f9b0dd70bb03b81ab791951 2007.1/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
 cde593c1b74843033072bf39b55aad51 2007.1/x86_64/kernel-source-latest-2.6.17-15mdv.x86_64.rpm
 6c80e89a69737f853a5c28a4ef9c26e8 2007.1/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
 f36ca98ce2f577675e864feec1936d95 2007.1/x86_64/kernel-source-stripped-latest-2.6.17-15mdv.x86_64.rpm
 e8f1196c4a6a8c3948327c1fdb2287b3 2007.1/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
 01f1acb664885bc6587b6cb96dec3de3 2007.1/x86_64/kernel-xen0-latest-2.6.17-15mdv.x86_64.rpm
 6eb46e2f4045b78d1f89f76a9ce04ee5 2007.1/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm
 bf51ac4bde7a22fb8c5d40fff840ed58 2007.1/x86_64/kernel-xenU-latest-2.6.17-15mdv.x86_64.rpm
 364e7f83e4948ba15c894b4da4642161 2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm

Mandriva Linux Corporate 4.0: new kernel packages.
New packages are available:
 Corporate 4.0:
 3657c208eeb3c079d9ff0a4ca55a9b03 corporate/4.0/i586/kernel-2.6.12.32mdk-1-1mdk.i586.rpm
 0cd8fd1c504f3365fe503c4fd627b6ea corporate/4.0/i586/kernel-BOOT-2.6.12.32mdk-1-1mdk.i586.rpm
 fbabe3497810452a0052bc67a5fb4f29 corporate/4.0/i586/kernel-doc-2.6.12.32mdk-1-1mdk.i586.rpm
 02edfc1bbb2bd826c4a9152d670cc2cc corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.32mdk-1-1mdk.i586.rpm
 88b0876de92beff866bb91ba57be0a70 corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.32mdk-1-1mdk.i586.rpm
 e813926dc184e911deb62a1e34cff8ed corporate/4.0/i586/kernel-smp-2.6.12.32mdk-1-1mdk.i586.rpm
 a8011ebbe529551463f87cc22f3da22f corporate/4.0/i586/kernel-source-2.6.12.32mdk-1-1mdk.i586.rpm
 813ba955a1e9b5ff9834aeebbe477a93 corporate/4.0/i586/kernel-source-stripped-2.6.12.32mdk-1-1mdk.i586.rpm
 be08ad30fbc3988f654c1532e73fc330 corporate/4.0/i586/kernel-xbox-2.6.12.32mdk-1-1mdk.i586.rpm
 5894ac0216cf38203d2002a19db70c15 corporate/4.0/i586/kernel-xen0-2.6.12.32mdk-1-1mdk.i586.rpm
 62d5b93083df571edbf8785bc754dd6e corporate/4.0/i586/kernel-xenU-2.6.12.32mdk-1-1mdk.i586.rpm
 423fe3296a56ff845fd643890663cdee corporate/4.0/SRPMS/kernel-2.6.12.32mdk-1-1mdk.src.rpm
 Corporate 4.0/X86_64:
 a51bd78ce00e65f7521625c8c67605f0 corporate/4.0/x86_64/kernel-2.6.12.32mdk-1-1mdk.x86_64.rpm
 8d407ed81be714537c2c957918cedfed corporate/4.0/x86_64/kernel-BOOT-2.6.12.32mdk-1-1mdk.x86_64.rpm
 730c0bae9b443e5f9d8cb3c8a3486488 corporate/4.0/x86_64/kernel-doc-2.6.12.32mdk-1-1mdk.x86_64.rpm
 06391bd475945e8a8b76dcb33989fc83 corporate/4.0/x86_64/kernel-smp-2.6.12.32mdk-1-1mdk.x86_64.rpm
 bc9c9a881f18b5c2f892684aaeee84cf corporate/4.0/x86_64/kernel-source-2.6.12.32mdk-1-1mdk.x86_64.rpm
 b0240b751985babe1aabda9c9e231a92 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.32mdk-1-1mdk.x86_64.rpm
 b1b4750de7daf9cb12ed0057a8851f32 corporate/4.0/x86_64/kernel-xen0-2.6.12.32mdk-1-1mdk.x86_64.rpm
 915a8eb87a9fc0c0deab5e696f27c59b corporate/4.0/x86_64/kernel-xenU-2.6.12.32mdk-1-1mdk.x86_64.rpm
 423fe3296a56ff845fd643890663cdee corporate/4.0/SRPMS/kernel-2.6.12.32mdk-1-1mdk.src.rpm

Mandriva: new kernel packages.
New packages are available:
 
 Corporate 3.0:
 951b74d57e994b4628145efacc37222c corporate/3.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm
 86de2411fb8c3d140849b8acdb2ddf6e corporate/3.0/i586/kernel-BOOT-2.6.3.37mdk-1-1mdk.i586.rpm
 cdf5a2817b915da2da45f9437ec8d38f corporate/3.0/i586/kernel-doc-2.6.3-37mdk.i586.rpm
 59d21423ef81ff35dddad9001fda3642 corporate/3.0/i586/kernel-enterprise-2.6.3.37mdk-1-1mdk.i586.rpm
 9d1434bd62398cf5dcaab7415f147277 corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm
 a529c6992a35891bc520d3ad890cbf12 corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm
 3d2a8f68700537c645640f5306ca8960 corporate/3.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm
 be4214847382dc6f0d5643f22ddf8f39 corporate/3.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm
 e2689b9b306664d765d862c0daede5d5 corporate/3.0/i586/kernel-source-2.6.3-37mdk.i586.rpm
 008504eda8fed1c67454cd60c027d028 corporate/3.0/i586/kernel-source-stripped-2.6.3-37mdk.i586.rpm
 b9d3ea705a1bef93599196cc49b82542 corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm
 Corporate 3.0/X86_64:
 8169fd11e477ca0b8632c08a7117917e corporate/3.0/x86_64/kernel-2.6.3.37mdk-1-1mdk.x86_64.rpm
 cf8eb0161a4546fa607b0d929a1aa0f4 corporate/3.0/x86_64/kernel-BOOT-2.6.3.37mdk-1-1mdk.x86_64.rpm
 872f9663d73566764008dd809eec01cf corporate/3.0/x86_64/kernel-doc-2.6.3-37mdk.x86_64.rpm
 324a6126fae141784d37ee9d9225d89a corporate/3.0/x86_64/kernel-secure-2.6.3.37mdk-1-1mdk.x86_64.rpm
 c91f757553e380aafc8188e7639b6f55 corporate/3.0/x86_64/kernel-smp-2.6.3.37mdk-1-1mdk.x86_64.rpm
 7b7ef3e6dcd36a7148f582c22c62640c corporate/3.0/x86_64/kernel-source-2.6.3-37mdk.x86_64.rpm
 ff5dbcddb882758fd0f6f74c90b9281a corporate/3.0/x86_64/kernel-source-stripped-2.6.3-37mdk.x86_64.rpm
 b9d3ea705a1bef93599196cc49b82542 corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm
 Multi Network Firewall 2.0:
 a5c867fd3c793d8322dc1b126316851f mnf/2.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm
 86082110e7d82931a415bfeae71a1d26 mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm
 bb8cd008ed4dce886eef632c2e21fe87 mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm
 998a08ace2f127df5421122ddb3fa66f mnf/2.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm
 14607a9531ab4b2a39ea92290138f2a2 mnf/2.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm
 a7036e1a17abe820d86dd900ca4e9736 mnf/2.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm

NetBSD: patch for IPv6 Type 0 Routing Header.
NetBSD's announce indicates how to update system.

OpenBSD: several patches.
After availability of version 4.1, several patches were published:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/macppc/006_altivec.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/005_route6.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/004_xorg.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/002_splnet.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/001_mbuf.patch

RHEL: new kernel packages.
New packages are available:
Red Hat Enterprise Linux version 5: kernel-2.6.18-8.1.4.el5

SUSE 10.1: new kernel packages.
New packages are available:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/*/kernel*-2.6.16.53-0.8

SUSE: new kernel packages (07/02/2008).
New packages are available:
   openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-*-2.6.18.8-0.8.i586.rpm
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-*-2.6.16.54-0.2.5.i586.rpm
   openSUSE 10.3:
   http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-*-2.6.22.16-0.2.i586.rpm
   SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T
     http://support.novell.com/techcenter/psdb/77ce3c74a6caf6fca743d8880665caa3.html
   SUSE Linux Enterprise 10 SP1 DEBUGINFO for IBM zSeries 64bit
     http://support.novell.com/techcenter/psdb/d4cff2b1abe0fb52b37ff429ac257008.html
   SUSE Linux Enterprise 10 SP1 DEBUGINFO for IBM POWER
     http://support.novell.com/techcenter/psdb/d1087847584deef8eb5071a114eb5560.html
   SUSE Linux Enterprise 10 SP1 DEBUGINFO for IPF
     http://support.novell.com/techcenter/psdb/e8fcad0e5b1e2b84bd1cdf22e4eaf477.html
   SUSE Linux Enterprise Server 10 SP1
     http://support.novell.com/techcenter/psdb/77ce3c74a6caf6fca743d8880665caa3.html
     http://support.novell.com/techcenter/psdb/d4cff2b1abe0fb52b37ff429ac257008.html
     http://support.novell.com/techcenter/psdb/d1087847584deef8eb5071a114eb5560.html
     http://support.novell.com/techcenter/psdb/e8fcad0e5b1e2b84bd1cdf22e4eaf477.html
     http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html
   SLE SDK 10 SP1
     http://support.novell.com/techcenter/psdb/77ce3c74a6caf6fca743d8880665caa3.html
     http://support.novell.com/techcenter/psdb/d1087847584deef8eb5071a114eb5560.html
     http://support.novell.com/techcenter/psdb/e8fcad0e5b1e2b84bd1cdf22e4eaf477.html
     http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html
   SUSE Linux Enterprise 10 SP1 DEBUGINFO
     http://support.novell.com/techcenter/psdb/77ce3c74a6caf6fca743d8880665caa3.html
     http://support.novell.com/techcenter/psdb/d1087847584deef8eb5071a114eb5560.html
     http://support.novell.com/techcenter/psdb/e8fcad0e5b1e2b84bd1cdf22e4eaf477.html
     http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html
   SUSE Linux Enterprise Desktop 10 SP1
     http://support.novell.com/techcenter/psdb/77ce3c74a6caf6fca743d8880665caa3.html
     http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html
   SUSE Linux Enterprise Desktop 10 SP1 for x86
     http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computers vulnerabilities note. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.