| From the Pardus advisory:

Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows
remote attackers to cause a denial of service (memory corruption) via a
large number of Bluetooth sockets, related to the size of sysfs files in
(1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3)
net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c. (CVE-2010-1084)

The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel
2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service
(Oops) via unknown vectors related to truncating a file and an operation
that is not interruptible. (CVE-2010-1087)

The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem
exists, does not restrict read or write access to the .reiserfs_priv
directory, which allows local users to gain privileges by modifying (1)
extended attributes or (2) ACLs, as demonstrated by deleting a file
under .reiserfs_priv/xattrs/. (CVE-2010-1146) |