Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Buffer overflow in the RTL8169 NIC driver in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service via a long packet. The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet before 7.5.5 allows remote attackers to cause a denial of service via a crafted frame size. Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service and possibly have unspecified other impact via a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. Additionally, the kernel package was updated to the Linux upstream stable version 2.6.29.6