Linux kernel 2.6.15.1 to fix multiple vulnerabilities

Linux kernel version 2.6.15.1 is released 2 days ago after the identification of multiple vulnerabilities in the version 2.6.15 and prior which could be exploited by remote or local attackers to cause a denial of service.

[root@mylinux ~]# uname -a
Linux mylinux.home 2.6.14-1.1656_FC4 #1 ... GNU/Linux

Oooops! >:)

The first issue is due to an infinite loop in the "netlink_rcv_skb" [af_netlink.c] function when handling a specially crafted "nlmsg_len" value, which could be exploited by local attackers to cause a denial of service.

The second flaw is due to an error in the PPTP NAT helper that does not properly calculate the offset when handling an inbound "PPTP_IN_CALL_REQUEST" packet, which could be exploited by attackers to crash a vulnerable system.

The third vulnerability is due to an error in the PPTP NAT helper that does not properly calculate the offset based on the difference between two pointers to the header, which could be exploited by attackers to cause a kernel crash.

It is recommended to update to the version 2.6.15.1

Links:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.1
http://www.kernel.org
http://www.frsirt.com/english/advisories/2006/0220