kernel: multiple vulnerabilities

CVE-2011-1012: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained a bug that could crash the kernel for certain corrupted LDM partitions.

CVE-2011-1082: The epoll subsystem in Linux did not prevent users from creating circular epoll file structures, potentially leading to a denial of service (kernel deadlock).

CVE-2011-1163: The code for evaluating OSF partitions (in fs/partitions/osf.c) contained a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions.

CVE-2011-1182: Local attackers could send signals to their programs that looked like coming from the kernel, potentially gaining privileges in the context of setuid programs.

CVE-2011-1476: Specially crafted requests may be written to /dev/sequencer resulting in an underflow when calculating a size for a copy_from_user() operation in the driver for MIDI interfaces. On x86, this just returns an error, but it could have caused memory corruption on other architectures. Other malformed requests could have resulted in the use of uninitialized variables.

CVE-2011-1477: Due to a failure to validate user-supplied indexes in the driver for Yamaha YM3812 and OPL-3 chips, a specially crafted ioctl request could have been sent to /dev/sequencer, resulting in reading and writing beyond the bounds of heap buffers, and potentially allowing privilege escalation.

CVE-2011-1493: In the rose networking stack, when parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in heap corruption. Check against ROSE_MAX_DIGIS to prevent overflows, and abort facilities parsing on failure.