Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:
- CVE-2007-6716
Joe Jin reported a local denial of service vulnerability that
allows system users to trigger an oops due to an improperly
initialized data structure.
- CVE-2008-1514
Jan Kratochvil reported a local denial of service vulnerability in
the ptrace interface for the s390 architecture. Local users can
trigger an invalid pointer dereference, leading to a system panic.
- CVE-2008-3276
Eugene Teo reported an integer overflow in the DCCP subsystem that
may allow remote attackers to cause a denial of service in the
form of a kernel panic.
- CVE-2008-3525
Eugene Teo reported a lack of capability checks in the kernel
driver for Granch SBNI12 leased line adapters (sbni), allowing
local users to perform privileged operations.
- CVE-2008-3833
The S_ISUID/S_ISGID bits were not being cleared during an inode
splice, which, under certain conditions, can be exploited by local
users to obtain the privileges of a group for which they are not a
member. Mark Fasheh reported this issue.
- CVE-2008-4210
David Watson reported an issue in the open()/creat() system calls
which, under certain conditions, can be exploited by local users
to obtain the privileges of a group for which they are not a
member.
- CVE-2008-4302
A coding error in the splice subsystem allows local users to
attempt to unlock a page structure that has not been locked,
resulting in a system crash.
For the stable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-22etch3.
We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.