| Description: | Summary:
The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DSA-2110-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2492
Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer overflow condition may allow local users to cause a denial of service or gain elevated privileges.
CVE-2010-2954
Tavis Ormandy reported an issue in the irda subsystem which may allow local users to cause a denial of service via a NULL pointer dereference.
CVE-2010-3078
Dan Rosenberg discovered an issue in the XFS file system that allows local users to read potentially sensitive kernel memory.
CVE-2010-3080
Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation layer. Local users with sufficient privileges to open /dev/sequencer (by default on Debian, this is members of the 'audio' group) can cause a denial of service via a NULL pointer dereference.
CVE-2010-3081
Ben Hawkes discovered an issue in the 32-bit compatibility code for 64-bit systems. Local users can gain elevated privileges due to insufficient checks in compat_alloc_user_space allocations.
For the stable distribution (lenny), this problem has been fixed in version 2.6.26-25lenny1.
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+25lenny1
Affected Software/OS:
'linux-2.6' package(s) on Debian 5.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
