Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:
- CVE-2010-2492
Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
overflow condition may allow local users to cause a denial of service
or gain elevated privileges.
- CVE-2010-2954
Tavis Ormandy reported an issue in the irda subsystem which may allow
local users to cause a denial of service via a NULL pointer dereference.
- CVE-2010-3078
Dan Rosenberg discovered an issue in the XFS file system that allows
local users to read potentially sensitive kernel memory.
- CVE-2010-3080
Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
(by default on Debian, this is members of the "audio" group) can
cause a denial of service via a NULL pointer dereference.
- CVE-2010-3081
Ben Hawkes discovered an issue in the 32-bit compatibility code
for 64-bit systems. Local users can gain elevated privileges due
to insufficient checks in compat_alloc_user_space allocations.
For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-25lenny1.
We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.
The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:
                         Debian 5.0 (lenny)
user-mode-linux          2.6.26-1um-2+25lenny1
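The check an administrator would want after reading the fixed versions above, as an added example that is not part of the advisory: it reimplements dpkg's version ordering (epoch, upstream, revision; '~' sorts before everything; digit runs compared numerically) in Python so it also runs where dpkg is absent, and assumes the installed version string is obtained separately (for instance from dpkg-query).

```python
# Fixed versions quoted in the advisory (Debian 5.0 "lenny").
FIXED_VERSIONS = {
    "linux-2.6": "2.6.26-25lenny1",
    "user-mode-linux": "2.6.26-1um-2+25lenny1",
}

def _order(c):
    """Weight of one non-digit char: '~' first, then letters, then the rest."""
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _digit_end(s, k):
    while k < len(s) and s[k].isdigit():
        k += 1
    return k

def _cmp_fragment(a, b):
    """Compare version fragments by alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: end of string and a digit both weigh 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) and not a[i].isdigit() else 0
            bc = _order(b[j]) if j < len(b) and not b[j].isdigit() else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # Digit run: compared numerically, so leading zeros do not matter.
        ni, nj = _digit_end(a, i), _digit_end(b, j)
        na, nb = int(a[i:ni] or "0"), int(b[j:nj] or "0")
        if na != nb:
            return na - nb
        i, j = ni, nj
    return 0

def _split(version):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), revision

def compare_versions(a, b):
    """Return <0, 0 or >0 as Debian version a is older, equal or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def needs_update(package, installed):
    """True when the installed version is older than this advisory's fix."""
    return compare_versions(installed, FIXED_VERSIONS[package]) < 0
```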