Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information and bypass certain security restrictions.

1) The "do_replace()", "compat_do_replace()", and "do_arpt_get_ctl()" functions in net/ipv4/netfilter/arp_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

2) The "do_replace()", "compat_do_replace()", and "do_ipt_get_ctl()" functions in net/ipv4/netfilter/ip_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

3) The "do_replace()", "compat_do_replace()", and "do_ip6t_get_ctl()" functions in net/ipv6/netfilter/ip6_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

Successful exploitation of these weaknesses requires "CAP_NET_ADMIN" capabilities.

4) The "rt_sigqueueinfo()" and "rt_tgsigqueueinfo()" system calls do not properly verify the signal's si_code, which can be exploited to e.g. spoof the origin of a SI_TKILL signal.

Solution
Update to version 2.6.38.3.

Provided and/or discovered by
1-3) Vasiliy Kulikov
4) Julien Tinnes, Google security team

Changelog
Further details available to Secunia VIM customers

Original Advisory
1-3)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=78b79876761b86653df89c48a7010b5cbd41a84a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6a8ab060779779de8aea92ce3337ca348f973f54

4)
http://www.openwall.com/lists/oss-security/2011/03/22/13
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=da48524eb20662618854bb3df2db01fc65f3070c

Deep Links
Links available to Secunia VIM customers