Debian Security Advisory DSA 1872-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA 1872-1.

Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2698 Herbert Xu discovered an issue in the way UDP tracks corking status that could allow local users to cause a denial of service (system crash). Tavis Ormandy and Julien Tinnes discovered that this issue could also be used by local users to gain elevated privileges. CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops). For the oldstable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-24etch4. We recommend that you upgrade your linux-2.6, fai-kernels, and

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201872-1