linux-2.6 - several vulnerabilities

Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

• CVE-2007-6694
  Cyrill Gorcunov reported a NULL pointer dereference in code specific
  to the CHRP PowerPC platforms. Local users could exploit this issue
  to achieve a Denial of Service (DoS).
• CVE-2008-0007
  Nick Piggin of SuSE discovered a number of issues in subsystems which
  register a fault handler for memory mapped areas. This issue can be
  exploited by local users to achieve a Denial of Service (DoS) and possibly
  execute arbitrary code.
• CVE-2008-1294
  David Peer discovered that users could escape administrator imposed cpu
  time limitations (RLIMIT_CPU) by setting a limit of 0.
• CVE-2008-1375
  Alexander Viro discovered a race condition in the directory notification
  subsystem that allows local users to cause a Denial of Service (oops)
  and possibly result in an escalation of privileges.

For the stable distribution (etch), these problems have been fixed in version
2.6.18.dfsg.1-18etch3.

The unstable (sid) and testing distributions will be fixed soon.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.