It was originally discovered by Victor Julien that there is a way to crash the Linux kernel by sending a single IPv6 packet at it.

1) The CVE-2007-4567 issue was reported to Red Hat in September 2007. Red Hat Enterprise Linux 5 was found not to be affected.
2) On December 18, 2009, a customer reported to us that Red Hat Enterprise Linux 5 was vulnerable to CVE-2007-4567.
3) Investigations showed that the issue was introduced in the RHBA-2008-0314 update on May 21, 2008 via a backport of a collection of patches for DoD IPv6 conformance.
4) Updates were released on January 7, 2010 for Red Hat Enterprise Linux 5, resolving CVE-2007-4567.

Note that the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG are not affected.

Upstream commit:
http://git.kernel.org/linus/e76b2b2567b83448c2ee85a896433b96150c92e6

Reference:
http://rhn.redhat.com/errata/RHBA-2008-0314.html
https://rhn.redhat.com/errata/RHSA-2010-0019.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0019 https://rhn.redhat.com/errata/RHSA-2010-0019.html
*** Bug 554343 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.3.Z - Server Only Via RHSA-2010:0053 https://rhn.redhat.com/errata/RHSA-2010-0053.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.2 Z Stream Via RHSA-2010:0079 https://rhn.redhat.com/errata/RHSA-2010-0079.html
This issue has been addressed in the following products: Red Hat Enterprise Virtualization for RHEL-5 Via RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html