linux-2.6.24 - several vulnerabilities

Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or leak sensitive data. The Common Vulnerabilities
and Exposures project identifies the following problems:

• CVE-2008-3272
  Tobias Klein reported a locally exploitable data leak in the
  snd_seq_oss_synth_make_info() function. This may allow local users
  to gain access to sensitive information.
• CVE-2008-3275
  Zoltan Sogor discovered a coding error in the VFS that allows local users
  to exploit a kernel memory leak resulting in a denial of service.
• CVE-2008-3276
  Eugene Teo reported an integer overflow in the DCCP subsystem that
  may allow remote attackers to cause a denial of service in the form
  of a kernel panic.
• CVE-2008-3526
  Eugene Teo reported a missing bounds check in the SCTP subsystem.
  By exploiting an integer overflow in the SCTP_AUTH_KEY handling code,
  remote attackers may be able to cause a denial of service in the form
  of a kernel panic.
• CVE-2008-3534
  Kel Modderman reported an issue in the tmpfs filesystem that allows
  local users to crash a system by triggering a kernel BUG() assertion.
• CVE-2008-3535
  Alexey Dobriyan discovered an off-by-one-error in the iov_iter_advance
  function which can be exploited by local users to crash a system,
  resulting in a denial of service.
• CVE-2008-3792
  Vlad Yasevich reported several NULL pointer reference conditions in
  the SCTP subsystem that can be triggered by entering sctp-auth codepaths
  when the AUTH feature is inactive. This may allow attackers to cause
  a denial of service condition via a system panic.
• CVE-2008-3915
  Johann Dahm and David Richter reported an issue in the nfsd subsystem
  that may allow remote attackers to cause a denial of service via a
  buffer overflow.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.5.

We recommend that you upgrade your linux-2.6.24 packages.