Debian 5.0 DSA-1862-1 Critical: Local Privilege Escalation in Linux Kernel

A vulnerability has been discovered in the Linux kernel that may lead
to privilege escalation. The Common Vulnerabilities and Exposures project
identifies the following problem:

CVE-2009-2692

Tavis Ormandy and Julien Tinnes discovered an issue with how the
sendpage function is initialized in the proto_ops structure.
Local users can exploit this vulnerability to gain elevated
privileges.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-17lenny2.

For the oldstable distribution (etch), this problem will be fixed in
updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normal...