OSV:DSA-1428-1
Dec 11, 2007 - 12:00 a.m.

fai-kernels linux-2.6 user-mode-linux - several vulnerabilities

Source: Google (osv.dev)

EPSS: 0.144 (Low)
Percentile: 95.8%

This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904.

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2007-3104
    Eric Sandeen provided a backport of Tejun Heo’s fix for a local denial
    of service vulnerability in sysfs. Under memory pressure, a dentry
    structure may be reclaimed, resulting in a bad pointer dereference that
    causes an oops during a readdir.
  • CVE-2007-4997
    Chris Evans discovered an issue with certain drivers that make use of the
    Linux kernel’s ieee80211 layer. A remote user could generate a malicious
    802.11 frame that could result in a denial of service (crash). The ipw2100
    driver is known to be affected by this issue, while the ipw2200 is
    believed not to be.
  • CVE-2007-5500
    Scott James Remnant diagnosed a coding error in the implementation of
    ptrace which could be used by a local user to cause the kernel to enter
    an infinite loop.
  • CVE-2007-5904
    Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could
    allow a malicious server to cause a denial of service (crash) by overflowing
    a buffer.

These problems have been fixed in the stable distribution in version
2.6.18.dfsg.1-13etch5.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                   Debian 4.0 (etch)
fai-kernels        1.17+etch.13etch5
user-mode-linux    2.6.18-1um-2etch.13etch5

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.