OSV:DSA-2110-1
Sep 17, 2010 - 12:00 a.m.

linux-2.6 - several issues

Source: Google (osv.dev)

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2010-2492
    Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
    overflow condition may allow local users to cause a denial of service
    or gain elevated privileges.
  • CVE-2010-2954
    Tavis Ormandy reported an issue in the irda subsystem which may allow
    local users to cause a denial of service via a NULL pointer dereference.
  • CVE-2010-3078
    Dan Rosenberg discovered an issue in the XFS file system that allows
    local users to read potentially sensitive kernel memory.
  • CVE-2010-3080
    Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
    layer. Local users with sufficient privileges to open /dev/sequencer
    (by default on Debian, this is members of the ‘audio’ group) can
    cause a denial of service via a NULL pointer dereference.
  • CVE-2010-3081
    Ben Hawkes discovered an issue in the 32-bit compatibility code
    for 64-bit systems. Local users can gain elevated privileges due
    to insufficient checks in compat_alloc_user_space allocations.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-25lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

                   Debian 5.0 (lenny)
user-mode-linux    2.6.26-1um-2+25lenny1
