CAN-2004-1333 Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
See URL for common patches with bug 78363 and bug 74392.
Fixed in ~x86 hardened-sources-2.4.28-r4
Created attachment 51304 [details, diff] 2.4 patch
Created attachment 51305 [details, diff] 2.6.9 patch
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...
gentoo-dev-sources unaffected
All fixed, closing bug.
Hrm, a few of the branched sources still need fixing; reopening.
`Kumba: It seems mips-sources-2.4.27, 2.4.28, 2.6.8.1 and 2.6.9 still need this fix; anything >= 2.6.10 already includes it.
openmosix-sources also needs patching; CCing cluster.
mips-sources fixed.