OSV:DSA-1304 (osv, Google)
Published: Jun 16, 2007 - 12:00 a.m.

kernel-source-2.6.8 - several

Source: Google (osv.dev)
EPSS: 0.349 (percentile 97.2%)

CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958
CVE-2007-1357 CVE-2007-1592

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code.

This update also fixes a regression in the smbfs subsystem, introduced in
DSA-1233, which caused symlinks to be interpreted as regular files.

The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2005-4811
    David Gibson reported an issue in the hugepage code which could permit
    a local DoS (system crash) on appropriately configured systems.
  • CVE-2006-4814
    Doug Chapman discovered a potential local DoS (deadlock) in the mincore
    function caused by improper lock handling.
  • CVE-2006-4623
    Ang Way Chuang reported a remote DoS (crash) in the dvb driver which
    can be triggered by a ULE packet with an SNDU length of 0.
  • CVE-2006-5753
    Eric Sandeen provided a fix for a local memory corruption vulnerability
    resulting from a misinterpretation of return values when operating on
    inodes which have been marked bad.
  • CVE-2006-5754
    Darrick Wong discovered a local DoS (crash) vulnerability resulting from
    the incorrect initialization of nr_pages in aio_setup_ring().
  • CVE-2006-5757
    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted iso9660 filesystem.
  • CVE-2006-6053
    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted ext3 filesystem.
  • CVE-2006-6056
    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted hfs filesystem on
    systems with SELinux hooks enabled (Debian does not enable SELinux by
    default).
  • CVE-2006-6060
    LMH reported a potential local DoS (infinite loop) which could be exploited
    by a malicious user with the privileges to mount and read a corrupted NTFS
    filesystem.
  • CVE-2006-6106
    Marcel Holtmann discovered multiple buffer overflows in the Bluetooth
    subsystem which can be used to trigger a remote DoS (crash) and potentially
    execute arbitrary code.
  • CVE-2006-6535
    Konstantin Khorenko discovered an invalid error path in dev_queue_xmit()
    which could be exploited by a local user to cause data corruption.
  • CVE-2007-0958
    Santosh Eraniose reported a vulnerability that allows local users to read
    otherwise unreadable files by triggering a core dump while using PT_INTERP.
    This is related to CVE-2004-1073.
  • CVE-2007-1357
    Jean Delvare reported a vulnerability in the appletalk subsystem.
    Systems with the appletalk module loaded can be triggered to crash
    by other systems on the local network via a malformed frame.
  • CVE-2007-1592
    Masayuki Nakagawa discovered that flow labels were inadvertently
    being shared between listening sockets and child sockets. This defect
    can be exploited by local users to cause a DoS (Oops).

The following matrix lists, for each architecture, the kernel version that
fixes the problems mentioned above:

                              Debian 3.1 (sarge)
Source                        2.6.8-16sarge7
Alpha architecture            2.6.8-16sarge7
AMD64 architecture            2.6.8-16sarge7
HP Precision architecture     2.6.8-6sarge7
Intel IA-32 architecture      2.6.8-16sarge7
Intel IA-64 architecture      2.6.8-14sarge7
Motorola 680x0 architecture   2.6.8-4sarge7
PowerPC architecture          2.6.8-12sarge7
IBM S/390 architecture        2.6.8-5sarge7
Sun Sparc architecture        2.6.8-15sarge7

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.