Debian Security Advisory DSA 1653-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA 1653-1.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6716 Joe Jin reported a local denial of service vulnerability that allows system users to trigger an oops due to an improperly initialized data structure. CVE-2008-1514 Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. CVE-2008-3276 Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic. CVE-2008-3525 Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. CVE-2008-3833 The S_ISUID/S_ISGID bits were not being cleared during an inode splice, which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. Mark Fasheh reported this issue. CVE-2008-4210 David Watson reported an issue in the open()/creat() system calls which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. CVE-2008-4302 A coding error in the splice subsystem allows local users to attempt to unlock a page structure that has not been locked, resulting in a system crash. For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-22etch3. We recommend that you upgrade your linux-2.6, fai-kernels, and

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201653-1