Description: A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a memory leak when releasing PPPoE sockets after they are connected, but before the "PPPIOCGCHAN" ioctl is called. This can be exploited to cause a DoS due to memory exhaustion. The vulnerability is reported in versions prior to 2.6.21-git8. Other versions may also be affected. Solution: Update to version 2.6.21-git8. Provided and/or discovered by: Reported by the vendor. Original Advisory: http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log Reproducible: Always
maintainers - please provide an updated ebuild
maintainers - please advise and bump as necessary
fixed in the new version which is in portage
CVE-2007-2480: https://bugs.gentoo.org/show_bug.cgi?id=176940 CVE-2007-2525: (this bug) Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.