Debian Security Advisory DSA 2110-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA 2110-1.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2492 Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer overflow condition may allow local users to cause a denial of service or gain elevated privileges. CVE-2010-2954 Tavis Ormandy reported an issue in the irda subsystem which may allow local users to cause a denial of service via a NULL pointer dereference. CVE-2010-3078 Dan Rosenberg discovered an issue in the XFS file system that allows local users to read potentially sensitive kernel memory. CVE-2010-3080 Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation layer. Local users with sufficient privileges to open /dev/sequencer (by default on Debian, this is members of the 'audio' group) can cause a denial of service via a NULL pointer dereference. CVE-2010-3081 Ben Hawkes discovered an issue in the 32-bit compatibility code for 64-bit systems. Local users can gain elevated privileges due to insufficient checks in compat_alloc_user_space allocations. For the stable distribution (lenny), this problem has been fixed in version 2.6.26-25lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202110-1