From the Pardus advisory:
CVE-2010-2226: A flaw was found in the handling of the SWAPEXT IOCTL in the Linux
kernel XFS file system implementation. A local user could use this flaw
to read write-only files, that they do not own, on an XFS file system.
This could lead to unintended information disclosure.
CVE-2010-2537: The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls should check
whether the donor file is append-only before writing to it.
CVE-2010-2538: The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer overflow that
allows a user to specify an out-of-bounds range to copy from the source
file (if off + len wraps around).
CVE-2010-2798: The problem was in the way the gfs2 directory code was trying to re-use
sentinel directory entries. A local, unprivileged user on a gfs2 mounted
directory can trigger this issue, resulting in a NULL pointer
dereference.
| 