Just noticed this in the SecurityFocus newsletter: The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
All done; now I'm adding on the externally maintained 2.6 sources which need patching for this issue: gentoo-dev-sources - Adding gregkh... hardened-dev-sources - Adding Gentoo/Hardened team... hppa-dev-sources - Adding GMSoft... mips-sources - Adding `Kumba... rsbac-dev-sources - Adding kang... pegasos-dev-sources - Adding dholm... If you need a patch for this issue look in ${PORTDIR}/sys-kernel/{aa,ck,...}-sources/files.
CAN-0596 patched for rsbac-dev-sources-2.6.7-r3
mips-sources fixed
hardened-dev-sources fixed.
pegasos-dev-sources fixed
gentoo-dev-sources fixed in 2.6.7-r12
Fixed on hppa.
Everyone is set, AFAICT... This one was not included in the kernel GLSA 200408-24, but it is apparently covered by it. plasmaroo: please comment on the GLSA need.
This should have been covered by GLSA 200408-24 as Koon has mentioned, so I'm closing this as FIXED.