From Ubuntu's USN-131-1 A Denial of Service vulnerability was discovered in the fib_seq_start() function(). This allowed a local user to crash the system by reading /proc/net/route in a certain way. (CAN-2005-1041)
A little bit of info: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1041 The actual post with a patch: http://marc.theaimsgroup.com/?l=bk-commits-head&m=111186506706769&w=2
This was actually committed a long while back. (note the date on the email is march) Here's the bk commit: http://linux.bkbits.net:8080/linux-2.6/cset@1.1982.168.25 Given the commit date of 2005-03-18 it looks like 2.6.5 and up should be ok for that issue. :-) There may be some other CANs in that Ubuntu advisory that are for newer issues though: https://www.ubuntulinux.org/support/documentation/usn/usn-131-1
Oh geezzz, I feel really stupid now. When I glanced at the release dates for the kernels I looked at 2004, why I didn't realize that 2.6.5 was a year ago, and not two moths ago, I have no idea, sorry for that bit of extra noise :-(
Yep, patch you need is here: http://linux.bkbits.net:8080/linux-2.6/cset@1.1982.168.25 I've just checked that USN and everything else already has bugs filed.
This only affects < 2.6.11.
Only affects < 2.6.11 and the only affected sources were mips-sources-2.6.10 which were patched a while ago. Closing bug as FIXED.
