Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, and by malicious people to cause a DoS.

1) A vulnerability is caused due to the incorrect initialisation of the proto_ops structure for certain protocols (e.g. PF_APPLETALK, PF_IPX, PF_IRDA, PF_X25, PF_AX25 families, PF_BLUETOOTH, PF_IUCV, PF_INET6 (with IPPROTO_SCTP), PF_PPPOX, and PF_ISDN), which can be exploited to cause a NULL pointer dereference when triggering the "sock_sendpage()" function for an incorrectly initialised socket.

2) A NULL pointer dereference exists within the "cmp_ies()" function in net/wireless/scan.c. This can be exploited to crash a vulnerable system by tricking it into scanning and processing specially crafted SSID IEs.

3) A NULL pointer dereference exists within the "load_flat_shared_library()" function in fs/binfmt_flat.c, which can be exploited to cause a crash and potentially execute arbitrary code with root privileges.

Solution
Update to version 2.6.30.5.

Provided and/or discovered by
1) Tavis Ormandy and Julien Tinnes, Google Security Team
2) Reported by the vendor.
3) Bernd Schmidt

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

Deep Links
Links available to Secunia VIM customers