linux-2.6 - several issues

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

• CVE-2011-1020
  Kees Cook discovered an issue in the /proc filesystem that allows local
  users to gain access to sensitive process information after execution of a
  setuid binary.
• CVE-2011-1576
  Ryan Sweat discovered an issue in the VLAN implementation. Local users may
  be able to cause a kernel memory leak, resulting in a denial of service.
• CVE-2011-2484
  Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
  a process can register is not capped, resulting in local denial of service
  through resource exhaustion (CPU time and memory).
• CVE-2011-2491
  Vasily Averin discovered an issue with the NFS locking implementation. A
  malicious NFS server can cause a client to hang indefinitely in an unlock
  call.
• CVE-2011-2492
  Marek Kroemeke and Filip Palian discovered that uninitialized struct
  elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
  memory through leaked stack memory.
• CVE-2011-2495
  Vasiliy Kulikov of Openwall discovered that the io file of a process’ proc
  directory was world-readable, resulting in local information disclosure of
  information such as password lengths.
• CVE-2011-2496
  Robert Swiecki discovered that mremap() could be abused for local denial of
  service by triggering a BUG_ON assert.
• CVE-2011-2497
  Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
  which could lead to denial of service or privilege escalation.
• CVE-2011-2517
  It was discovered that the netlink-based wireless configuration interface
  performed insufficient length validation when parsing SSIDs, resulting in
  buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
  denial of service.
• CVE-2011-2525
  Ben Pfaff reported an issue in the network scheduling code. A local user
  could cause a denial of service (NULL pointer dereference) by sending a
  specially crafted netlink message.
• CVE-2011-2700
  Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
  driver for the Si4713 FM Radio Transmitter driver used by N900 devices.
  Local users could exploit this issue to cause a denial of service or
  potentially gain elevated privileges.
• CVE-2011-2723
  Brent Meshier reported an issue in the GRO (generic receive offload)
  implementation. This can be exploited by remote users to create a denial of
  service (system crash) in certain network device configurations.
• CVE-2011-2905
  Christian Ohm discovered that the perf analysis tool searches for its
  config files in the current working directory. This could lead to denial of
  service or potential privilege escalation if a user with elevated privileges
  is tricked into running perf in a directory under the control of the
  attacker.
• CVE-2011-2909
  Vasiliy Kulikov of Openwall discovered that a programming error in
  the Comedi driver could lead to the information disclosure through
  leaked stack memory.
• CVE-2011-2918
  Vince Weaver discovered that incorrect handling of software event overflows
  in the perf analysis tool could lead to local denial of service.
• CVE-2011-2928
  Timo Warns discovered that insufficient validation of Be filesystem images
  could lead to local denial of service if a malformed filesystem image is
  mounted.
• CVE-2011-3188
  Dan Kaminsky reported a weakness of the sequence number generation in the
  TCP protocol implementation. This can be used by remote attackers to inject
  packets into an active session.
• CVE-2011-3191
  Darren Lavender reported an issue in the Common Internet File System (CIFS).
  A malicious file server could cause memory corruption leading to a denial of
  service.

This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768
(
Debian bug #633738).

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.