OSV:DSA-1872-1
Aug 24, 2009 - 12:00 a.m.

fai-kernels linux-2.6 user-mode-linux - several vulnerabilities

2009-08-24 00:00:00
Google
osv.dev

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:C/I:N/A:N)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: NONE
  • Availability Impact: NONE

EPSS: 0.001 Low (Percentile: 18.0%)

Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service, privilege escalation or a leak of
sensitive memory. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2009-2698
    Herbert Xu discovered an issue in the way UDP tracks corking
    status that could allow local users to cause a denial of service
    (system crash). Tavis Ormandy and Julien Tinnes discovered that
    this issue could also be used by local users to gain elevated
    privileges.
  • CVE-2009-2846
    Michael Buesch noticed a typing issue in the eisa-eeprom driver
    for the hppa architecture. Local users could exploit this issue to
    gain access to restricted memory.
  • CVE-2009-2847
    Ulrich Drepper noticed an issue in the do_sigaltstack routine on
    64-bit systems. This issue allows local users to gain access to
    potentially sensitive memory on the kernel stack.
  • CVE-2009-2848
    Eric Dumazet discovered an issue in the execve path, where the
    clear_child_tid variable was not being properly cleared. Local
    users could exploit this issue to cause a denial of service
    (memory corruption).
  • CVE-2009-2849
    Neil Brown discovered an issue in the sysfs interface to md
    devices. When md arrays are not active, local users can exploit
    this vulnerability to cause a denial of service (oops).

For the oldstable distribution (etch), these problems have been fixed in
version 2.6.18.dfsg.1-24etch4.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
Linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or “leap-frog” fashion.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch4
user-mode-linux 2.6.18-1um-2etch.24etch4
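
To check an etch host inventory against the fixed versions listed above, the following added example (not part of the advisory) implements Debian's version ordering and reports source packages still below the fix. The `SAMPLE` inventory and all function names are constructed for illustration; on a live Debian system `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed versions for Debian 4.0 (etch), taken from the advisory text.
FIXED = {
    "linux-2.6": "2.6.18.dfsg.1-24etch4",
    "fai-kernels": "1.17+etch.24etch4",
    "user-mode-linux": "2.6.18-1um-2etch.24etch4",
}

def _order(c):
    # dpkg character weights: '~' sorts before end of string, letters before symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between non-digit runs (weighted per character) and digit runs (numeric)
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for k in range(max(len(na), len(nb))):
            x = _order(na[k]) if k < len(na) else 0
            y = _order(nb[k]) if k < len(nb) else 0
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def compare(v1, v2):
    # Returns -1, 0 or 1 as v1 is older than, equal to or newer than v2
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(installed):
    # Source packages from the advisory whose installed version is below the fix
    return sorted(p for p, v in installed.items() if p in FIXED and compare(v, FIXED[p]) < 0)

# Constructed sample inventory (source package -> installed version), not from the page
SAMPLE = {"linux-2.6": "2.6.18.dfsg.1-24etch3", "fai-kernels": "1.17+etch.24etch4",
          "user-mode-linux": "2.6.18-1um-2etch.24etch2"}
```

A naive string comparison would rank `24etch10` below `24etch4`; the numeric handling of digit runs is what makes the check reliable for later revisions.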
