Bug 57826 - sys-kernel/*: Linux Kernel Equalizer Load Balancer Device Driver Local Denial Of Service Vulnerability
|
Bug#:
57826
|
Product: Gentoo Linux
|
Version: unspecified
|
Platform: All
|
|
OS/Version: All
|
Status: RESOLVED
|
Severity: minor
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: jaervosz@gentoo.org
|
|
Component: Security
|
|
|
URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0596
|
|
Summary: sys-kernel/*: Linux Kernel Equalizer Load Balancer Device Driver Local Denial Of Service Vulnerability
|
|
Keywords:
|
|
Status Whiteboard: B3 [glsa?] plasmaroo
|
|
Opened: 2004-07-21 01:41 0000
|
Just noticed this in the SecurityFocus newsletter:
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
All done; now I'm adding on the externally maintained 2.6 sources which need
patching for this issue:
gentoo-dev-sources - Adding gregkh...
hardened-dev-sources - Adding Gentoo/Hardened team...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding `Kumba...
rsbac-dev-sources - Adding kang...
pegasos-dev-sources - Adding dholm...
If you need a patch for this issue look in
${PORTDIR}/sys-kernel/{aa,ck,...}-sources/files.
CAN-0596 patched for rsbac-dev-sources-2.6.7-r3
hardened-dev-sources fixed.
pegasos-dev-sources fixed
gentoo-dev-sources fixed in 2.6.7-r12
Everyone is set, AFAICT...
This one was not included in the kernel GLSA 200408-24, but it is apparently covered by it.
plasmaroo: please comment on the GLSA need.
This should have been covered by GLSA 200408-24 as Koon has mentioned, so I'm
closing this as FIXED.
