Debian Security Advisory DSA 1655-1 (linux-2.6.24)

The remote host is missing an update to linux-2.6.24 announced via advisory DSA 1655-1.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1514 Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. CVE-2008-3525 Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. CVE-2008-3831 Olaf Kirch discovered an issue with the i915 driver that may allow local users to cause memory corruption by use of an ioctl with insufficient privilege restrictions. CVE-2008-4113/CVE-2008-4445 Eugene Teo discovered two issues in the SCTP subsystem which allow local users to obtain access to sensitive memory when the SCTP-AUTH extension is enabled. For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.6. We recommend that you upgrade your linux-2.6.24 packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201655-1