kernel: multiple vulnerabilities

Package(s): linux-2.6.24
CVE #(s): CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439
Created: May 4, 2009
Updated: November 16, 2009
Description:

From the Debian advisory:

CVE-2009-1192: Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.

CVE-2009-1242: Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops.

CVE-2009-1265: Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.

CVE-2009-1337: Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

CVE-2009-1338: Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace.

CVE-2009-1439: Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.

Alerts:
SuSE SUSE-SA:2009:055 2009-11-12
Red Hat RHSA-2009:1211-01 2009-08-13
SuSE SUSE-SA:2009:056 2009-11-16
SuSE SUSE-SA:2009:054 2009-11-11
Ubuntu USN-793-1 2009-07-02
Red Hat RHSA-2009:1132-01 2009-06-30
CentOS CESA-2009:1106 2009-06-19
Mandriva MDVSA-2009:135 2009-06-17
Red Hat RHSA-2009:1106-01 2009-06-16
CentOS CESA-2009:1550 2009-11-04
Red Hat RHSA-2009:1550-01 2009-11-03
SuSE SUSE-SA:2009:033 2009-06-16
SuSE SUSE-SA:2009:032 2009-06-09
SuSE SUSE-SA:2009:031 2009-06-09
SuSE SUSE-SA:2009:030 2009-06-08
Red Hat RHSA-2009:1081-01 2009-06-03
Red Hat RHSA-2009:1077-01 2009-06-02
Fedora FEDORA-2009-5383 2009-05-25
Fedora FEDORA-2009-5356 2009-05-25
SuSE SUSE-SA:2009:028 2009-05-20
Mandriva MDVSA-2009:119 2009-05-19
Debian DSA-1800-1 2009-05-15
Red Hat RHSA-2009:1024-01 2009-05-18
rPath rPSA-2009-0084-1 2009-05-15
CentOS CESA-2009:0473 2009-05-07
Red Hat RHSA-2009:0473-01 2009-05-07
Debian DSA-1794-1 2009-05-06
Debian DSA-1787-1 2009-05-02

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds