kernel-source-2.4.27 - several

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:

• CVE-2005-0756
  Alexander Nyberg discovered that the ptrace() system call does not
  properly verify addresses on the amd64 architecture which can be
  exploited by a local attacker to crash the kernel.
• CVE-2005-0757
  A problem in the offset handling in the xattr file system code for
  ext3 has been discovered that may allow users on 64-bit systems
  that have access to an ext3 filesystem with extended attributes to
  cause the kernel to crash.
• CVE-2005-1762
  A vulnerability has been discovered in the ptrace() system call on
  the amd64 architecture that allows a local attacker to cause the
  kernel to crash.
• CVE-2005-1767
  A vulnerability has been discovered in the stack segment fault
  handler that could allow a local attacker to cause a stack exception
  that will lead the kernel to crash under certain circumstances.
• CVE-2005-1768
  Ilja van Sprundel discovered a race condition in the IA32 (x86)
  compatibility execve() systemcall for amd64 and IA64 that allows
  local attackers to cause the kernel to panic and possibly execute
  arbitrary code.
• CVE-2005-2456
  Balazs Scheidler discovered that a local attacker could call
  setsockopt() with an invalid xfrm_user policy message which would
  cause the kernel to write beyond the boundaries of an array and
  crash.
• CVE-2005-2458
  Vladimir Volovich discovered a bug in the zlib routines which are
  also present in the Linux kernel and allows remote attackers to
  crash the kernel.
• CVE-2005-2459
  Another vulnerability has been discovered in the zlib routines
  which are also present in the Linux kernel and allows remote
  attackers to crash the kernel.
• CVE-2005-2553
  A null pointer dereference in ptrace when tracing a 64-bit
  executable can cause the kernel to crash.
• CVE-2005-2801
  Andreas Gruenbacher discovered a bug in the ext2 and ext3 file
  systems. When data areas are to be shared among two inodes not
  all information were compared for equality, which could expose
  wrong ACLs for files.
• CVE-2005-2872
  Chad Walstrom discovered that the ipt_recent kernel module to stop
  SSH bruteforce attacks could cause the kernel to crash on 64-bit
  architectures.
• CVE-2005-3275
  An error in the NAT code allows remote attackers to cause a denial
  of service (memory corruption) by causing two packets for the same
  protocol to be NATed at the same time, which leads to memory
  corruption.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

We recommend that you upgrade your kernel package immediately and
reboot the machine.