Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, privilege escalation or a leak of
sensitive data. The Common Vulnerabilities and Exposures project
identifies the following problems:
- CVE-2008-1514
Jan Kratochvil reported a local denial of service vulnerability in
the ptrace interface for the s390 architecture. Local users can
trigger an invalid pointer dereference, leading to a system panic.
- CVE-2008-3525
Eugene Teo reported a lack of capability checks in the kernel
driver for Granch SBNI12 leased line adapters (sbni), allowing
local users to perform privileged operations.
- CVE-2008-3831
Olaf Kirch discovered an issue with the i915 driver that may allow
local users to cause memory corruption by use of an ioctl with
insufficient privilege restrictions.
- CVE-2008-4113/CVE-2008-4445
Eugene Teo discovered two issues in the SCTP subsystem which allow
local users to obtain access to sensitive memory when the
SCTP-AUTH extension is enabled.
For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.6.
We recommend that you upgrade your linux-2.6.24 packages.