OSV:DSA-1184-2
Sep 25, 2006 - 12:00 a.m.

kernel-source-2.6.8 - several vulnerabilities

Source: Google, osv.dev

EPSS: 0.889 (High), percentile 98.7%

This advisory covers the S/390 components of the recent security
update for the Linux 2.6.8 kernel that were missing due to technical
problems. For reference, please see the text of the original advisory.

>
> Several security related problems have been discovered in the Linux
> kernel which may lead to a denial of service or even the execution of
> arbitrary code. The Common Vulnerabilities and Exposures project
> identifies the following problems:
>
>
> * CVE-2004-2660
> Toshihiro Iwamoto discovered a memory leak in the handling of
> direct I/O writes that allows local users to cause a denial of
> service.
> * CVE-2005-4798
> A buffer overflow in NFS readlink handling allows a malicious
> remote server to cause a denial of service.
> * CVE-2006-1052
> Stephen Smalley discovered a bug in the SELinux ptrace handling
> that allows local users with ptrace permissions to change the
> tracer SID to the SID of another process.
> * CVE-2006-1343
> Pavel Kankovsky discovered an information leak in the getsockopt
> system call which can be exploited by a local program to leak
> potentially sensitive memory to userspace.
> * CVE-2006-1528
> Douglas Gilbert reported a bug in the sg driver that allows local
> users to cause a denial of service by performing direct I/O
> transfers from the sg driver to memory mapped I/O space.
> * CVE-2006-1855
> Mattia Belletti noticed that certain debugging code left in the
> process management code could be exploited by a local attacker to
> cause a denial of service.
> * CVE-2006-1856
> Kostik Belousov discovered a missing LSM file_permission check in
> the readv and writev functions which might allow attackers to
> bypass intended access restrictions.
> * CVE-2006-2444
> Patrick McHardy discovered a bug in the SNMP NAT helper that
> allows remote attackers to cause a denial of service.
> * CVE-2006-2446
> A race condition in the socket buffer handling allows remote
> attackers to cause a denial of service.
> * CVE-2006-2935
> Diego Calleja Garcia discovered a buffer overflow in the DVD
> handling code that could be exploited by a specially crafted DVD
> USB storage device to execute arbitrary code.
> * CVE-2006-2936
> A bug in the serial USB driver has been discovered that could be
> exploited by a custom made USB serial adapter to consume arbitrary
> amounts of memory.
> * CVE-2006-3468
> James McKenzie discovered a denial of service vulnerability in the
> NFS driver. When exporting an ext3 file system over NFS, a remote
> attacker could exploit this to trigger a file system panic by
> sending a specially crafted UDP packet.
> * CVE-2006-3745
> Wei Wang discovered a bug in the SCTP implementation that allows
> local users to cause a denial of service and possibly gain root
> privileges.
> * CVE-2006-4093
> Olof Johansson discovered that the kernel does not disable the HID0
> bit on PowerPC 970 processors which could be exploited by a local
> attacker to cause a denial of service.
> * CVE-2006-4145
> A bug in the Universal Disk Format (UDF) filesystem driver could
> be exploited by a local user to cause a denial of service.
> * CVE-2006-4535
> David Miller reported a problem with the fix for CVE-2006-3745
> that allows local users to crash the system via an SCTP
> socket with a certain SO_LINGER value.
>
>
>

The following matrix lists, for each architecture, the kernel version
that fixes the problems mentioned above:

| | stable (sarge) |
|---|---|
| Source | 2.6.8-16sarge5 |
| Alpha architecture | 2.6.8-16sarge5 |
| AMD64 architecture | 2.6.8-16sarge5 |
| HP Precision architecture | 2.6.8-6sarge5 |
| Intel IA-32 architecture | 2.6.8-16sarge5 |
| Intel IA-64 architecture | 2.6.8-14sarge5 |
| Motorola 680x0 architecture | 2.6.8-4sarge5 |
| PowerPC architecture | 2.6.8-12sarge5 |
| IBM S/390 | 2.6.8-5sarge5 |
| Sun Sparc architecture | 2.6.8-15sarge5 |
| FAI | 1.9.1sarge4 |

For the unstable distribution (sid) these problems have been fixed in
version 2.6.18-1.

We recommend that you upgrade your kernel package and reboot the
machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.