linux-2.6 - security update

This update fixes the CVEs described below.

• CVE-2015-0272
  It was discovered that NetworkManager would set IPv6 MTUs based on
  the values received in IPv6 RAs (Router Advertisements), without
  sufficiently validating these values. A remote attacker could
  exploit this attack to disable IPv6 connectivity. This has been
  mitigated by adding validation in the kernel.
• CVE-2015-5156
  Jason Wang discovered that when a virtio_net device is connected
  to a bridge in the same VM, a series of TCP packets forwarded
  through the bridge may cause a heap buffer overflow. A remote
  attacker could use this to cause a denial of service (crash) or
  possibly for privilege escalation.
• CVE-2015-5364
  It was discovered that the Linux kernel does not properly handle
  invalid UDP checksums. A remote attacker could exploit this flaw to
  cause a denial of service using a flood of UDP packets with invalid
  checksums.
• CVE-2015-5366
  It was discovered that the Linux kernel does not properly handle
  invalid UDP checksums. A remote attacker can cause a denial of
  service against applications that use epoll by injecting a single
  packet with an invalid checksum.
• CVE-2015-5697
  A flaw was discovered in the md driver in the Linux kernel leading
  to an information leak.
• CVE-2015-5707
  An integer overflow in the SCSI generic driver in the Linux kernel
  was discovered. A local user with write permission on a SCSI generic
  device could potentially exploit this flaw for privilege escalation.
• CVE-2015-6937
  It was found that the Reliable Datagram Sockets (RDS) protocol
  implementation did not verify that an underlying transport exists
  when creating a connection. Depending on how a local RDS
  application initialised its sockets, a remote attacker might be
  able to cause a denial of service (crash) by sending a crafted
  packet.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze14.

For the oldstable distribution (wheezy), these problems have been
fixed in version 3.2.68-1+deb7u4 or earlier.

For the stable distribution (jessie), these problems have been fixed
in version 3.16.7-ckt11-1+deb8u4 or earlier.