linux-2.6 - several issues

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:

• CVE-2009-4067
  Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
  module, a driver for Auerswald PBX/System Telephone USB devices. Attackers
  with physical access to a system’s USB ports could obtain elevated
  privileges using a specially crafted USB device.
• CVE-2011-0712
  Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
  module, a USB driver for Native Instruments USB audio devices. Attackers
  with physical access to a system’s USB ports could obtain elevated
  privileges using a specially crafted USB device.
• CVE-2011-1020
  Kees Cook discovered an issue in the /proc filesystem that allows local
  users to gain access to sensitive process information after execution of a
  setuid binary.
• CVE-2011-2209
  Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
  alpha architecture. Local users could obtain access to sensitive kernel
  memory.
• CVE-2011-2211
  Dan Rosenberg discovered an issue in the osf_wait4() system call on the
  alpha architecture permitting local users to gain elevated privileges.
• CVE-2011-2213
  Dan Rosenberg discovered an issue in the INET socket monitoring interface.
  Local users could cause a denial of service by injecting code and causing
  the kernel to execute an infinite loop.
• CVE-2011-2484
  Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
  a process can register is not capped, resulting in local denial of service
  through resource exhaustion (CPU time and memory).
• CVE-2011-2491
  Vasily Averin discovered an issue with the NFS locking implementation. A
  malicious NFS server can cause a client to hang indefinitely in an unlock
  call.
• CVE-2011-2492
  Marek Kroemeke and Filip Palian discovered that uninitialized struct
  elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
  memory through leaked stack memory.
• CVE-2011-2495
  Vasiliy Kulikov of Openwall discovered that the io file of a process’ proc
  directory was world-readable, resulting in local information disclosure of
  information such as password lengths.
• CVE-2011-2496
  Robert Swiecki discovered that mremap() could be abused for local denial of
  service by triggering a BUG_ON assert.
• CVE-2011-2497
  Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
  which could lead to denial of service or privilege escalation.
• CVE-2011-2525
  Ben Pfaff reported an issue in the network scheduling code. A local user
  could cause a denial of service (NULL pointer dereference) by sending a
  specially crafted netlink message.
• CVE-2011-2928
  Timo Warns discovered that insufficient validation of Be filesystem images
  could lead to local denial of service if a malformed filesystem image is
  mounted.
• CVE-2011-3188
  Dan Kaminsky reported a weakness of the sequence number generation in the
  TCP protocol implementation. This can be used by remote attackers to inject
  packets into an active session.
• CVE-2011-3191
  Darren Lavender reported an issue in the Common Internet File System (CIFS).
  A malicious file server could cause memory corruption leading to a denial of
  service.

This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768
(
Debian bug #633738).

For the oldstable distribution (lenny), this problem has been fixed in version
2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be
released as soon as possible. Updates for the hppa and ia64 architectures will
be included in the upcoming 5.0.9 point release.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
These updates will not become active until after your system is rebooted.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or “leap-frog” fashion.