Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
- CVE-2007-2878
Bart Oldeman reported a denial of service (DoS) issue in the VFAT
filesystem that allows local users to corrupt a kernel structure resulting
in a system crash. This is only an issue for systems which make use
of the VFAT compat ioctl interface, such as systems running an ‘amd64’
flavor kernel.
- CVE-2007-4571
Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.
Local users could exploit this issue to obtain sensitive information from
the kernel.
- CVE-2007-6151
ADLAB discovered a possible memory overrun in the ISDN subsystem that
may permit a local user to overwrite kernel memory by issuing
ioctls with unterminated data.
- CVE-2008-0001
Bill Roman of Datalight noticed a coding error in the linux VFS subsystem
that, under certain conditions, can allow local users to remove
directories for which they should not have removal privileges.
These problems have been fixed in the stable distribution in version
2.6.18.dfsg.1-17etch1.
We recommend that you upgrade your kernel packages immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.