57826 2004-07-21 01:41 0000 sys-kernel/*: Linux Kernel Equalizer Load Balancer Device Driver Local Denial Of Service Vulnerability 2004-09-13 08:29:52 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All All RESOLVED FIXED http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0596 B3 [glsa?] plasmaroo P2 minor --- 1 jaervosz@gentoo.org security@gentoo.org gregkh@gentoo.org jaervosz@gentoo.org 2004-07-21 01:41:39 0000 Just noticed this in the SecurityFocus newsletter: The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference. plasmaroo@gentoo.org 2004-07-21 04:30:21 0000 All done; now I'm adding on the externally maintained 2.6 sources which need patching for this issue: gentoo-dev-sources - Adding gregkh... hardened-dev-sources - Adding Gentoo/Hardened team... hppa-dev-sources - Adding GMSoft... mips-sources - Adding `Kumba... rsbac-dev-sources - Adding kang... pegasos-dev-sources - Adding dholm... If you need a patch for this issue look in ${PORTDIR}/sys-kernel/{aa,ck,...}-sources/files. kang@gentoo.org 2004-07-22 03:56:35 0000 CAN-0596 patched for rsbac-dev-sources-2.6.7-r3 kumba@gentoo.org 2004-07-22 19:19:43 0000 mips-sources fixed tseng@gentoo.org 2004-07-24 06:15:45 0000 hardened-dev-sources fixed. dholm@gentoo.org 2004-07-24 07:24:14 0000 pegasos-dev-sources fixed gregkh@gentoo.org 2004-08-06 17:12:41 0000 gentoo-dev-sources fixed in 2.6.7-r12 gmsoft@gentoo.org 2004-08-09 16:33:00 0000 Fixed on hppa. koon@gentoo.org 2004-09-02 06:34:15 0000 Everyone is set, AFAICT... This one was not included in the kernel GLSA 200408-24, but it is apparently covered by it. plasmaroo: please comment on the GLSA need. plasmaroo@gentoo.org 2004-09-13 08:29:52 0000 This should have been covered by GLSA 200408-24 as Koon has mentioned, so I'm closing this as FIXED.