linux-2.6.24 - several vulnerabilities

NOTE: This kernel update marks the final planned kernel security
update for the 2.6.24 kernel in the Debian release ‘etch’. Although
security support for ‘etch’ officially ended on Feburary 15th, 2010,
this update was already in preparation before that date.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

• CVE-2009-2691
  Steve Beattie and Kees Cook reported an information leak in the
  maps and smaps files available under /proc. Local users may be
  able to read this data for setuid processes while the ELF binary
  is being loaded.
• CVE-2009-2695
  Eric Paris provided several fixes to increase the protection
  provided by the mmap_min_addr tunable against NULL pointer
  dereference vulnerabilities.
• CVE-2009-3080
  Dave Jones reported an issue in the gdth SCSI driver. A missing
  check for negative offsets in an ioctl call could be exploited by
  local users to create a denial of service or potentially gain
  elevated privileges.
• CVE-2009-3726
  Trond Myklebust reported an issue where a malicious NFS server
  could cause a denial of service condition on its clients by
  returning incorrect attributes during an open call.
• CVE-2009-3889
  Joe Malicki discovered an issue in the megaraid_sas driver.
  Insufficient permissions on the sysfs dbg_lvl interface allow
  local users to modify the debug logging behavior.
• CVE-2009-4005
  Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
  driver for Colognechip HFC-S USB chip. A potential read overflow
  exists which may allow remote users to cause a denial of service
  condition (oops).
• CVE-2009-4020
  Amerigo Wang discovered an issue in the HFS filesystem that would
  allow a denial of service by a local user who has sufficient
  privileges to mount a specially crafted filesystem.
• CVE-2009-4021
  Anana V. Avati discovered an issue in the fuse subsystem. If the
  system is sufficiently low on memory, a local user can cause the
  kernel to dereference an invalid pointer resulting in a denial of
  service (oops) and potentially an escalation of privileges.
• CVE-2009-4138
  Jay Fenlason discovered an issue in the firewire stack that allows
  local users to cause a denial of service (oops or crash) by making
  a specially crafted ioctl call.
• CVE-2009-4308
  Ted Ts’o discovered an issue in the ext4 filesystem that allows
  local users to cause a denial of service (NULL pointer
  dereference). For this to be exploitable, the local user must
  have sufficient privileges to mount a filesystem.
• CVE-2009-4536
  CVE-2009-4538
  Fabian Yamaguchi reported issues in the e1000 and e1000e drivers
  for Intel gigabit network adapters which allow remote users to
  bypass packet filters using specially crafted Ethernet frames.
• CVE-2010-0003
  Andi Kleen reported a defect which allows local users to gain read
  access to memory reachable by the kernel when the
  print-fatal-signals option is enabled. This option is disabled by
  default.
• CVE-2010-0007
  Florian Westphal reported a lack of capability checking in the
  ebtables netfilter subsystem. If the ebtables module is loaded,
  local users can add and modify ebtables rules.
• CVE-2010-0291
  Al Viro reported several issues with the mmap/mremap system calls
  that allow local users to cause a denial of service (system panic)
  or obtain elevated privileges.
• CVE-2010-0410
  Sebastian Krahmer discovered an issue in the netlink connector
  subsystem that permits local users to allocate large amounts of
  system memory resulting in a denial of service (out of memory).
• CVE-2010-0415
  Ramon de Carvalho Valle discovered an issue in the sys_move_pages
  interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
  Local users can exploit this issue to cause a denial of service
  (system crash) or gain access to sensitive kernel memory.
• CVE-2010-0622
  Jerome Marchand reported an issue in the futex subsystem that
  allows a local user to force an invalid futex state which results
  in a denial of service (oops).

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.9etch3.

We recommend that you upgrade your linux-2.6.24 packages.