CAN-2004-1335 Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function. See URL for common patches with bug 78362 and bug 74392.
I don't think the mails are going in the inboxes of the people on kern-sec@ for whatever reason. Or atleast when I just checked my inbox I see nothing.
ignore last comment. They were in my spam folder for whatever reason.
Tim/plasmaroo can you make heads/tails of exactly which patches need to be added to 2.4.x? he has 4 patches listed.
For this bug just the following changeset is needed (Should apply to 2.4 also): http://linux.bkbits.net:8080/linux-2.6/gnupatch@41b76673BNGyitGqJmXlJzqgdV85yg
Fixed in ~x86 hardened-sources-2.4.28-r4
Thanks tim grsec-sources patch in ~arch
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all of these...
gentoo-dev-sources is unaffected
`Kumba: It seems mips-sources-2.4.27, 2.4.28, 2.6.8.1 and 2.6.9 still need this fix; anything >= 2.6.10 already includes it.
openmosix-sources also needs patching...
mips-sources fixed.
All fixed, closing bug.