Debian 2.2: DSA-047-1 Moderate Security Advisory for Kernel Issues

Package : various kernel packages
Problem type : multiple
Debian-specific: no

The kernels used in Debian GNU/Linux 2.2 have been found to have
multiple security problems. This is a list of problems based
on the 2.2.19 release notes as found on Linux.com - News For Open Source Professionals :

* binfmt_misc used user pages directly
* the CPIA driver had an off-by-one error in the buffer code which made
it possible for users to write into kernel memory
* the CPUID and MSR drivers had a problem in the module unloading code
which could case a system crash if they were set to automatically load
and unload (please note that Debian does not automatically unload kernel
modules)
* There was a possible hang in the classifier code
* The getsockopt and setsockopt system calls did not handle sign bits
correctly which made a local DoS and other attacks possible
* The sysctl system call did not handle sign bits correctly which allowed
a user to write in kernel memory
* ptrace/exec races that co...