Linux 2.6.x ext2 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when read operation is being done on a crafted fs stream.
Patch here: http://lkml.org/lkml/2006/12/21/208 Not yet upstream, but it was only sent yesterday.
Fixed versions: gentoo-sources-2.6.18-r6 genpatches-2.6.18-8 gentoo-sources-2.6.19-r3 genpatches-2.6.19-4
Proposed metadata: [linux < 2.6.16.38] via http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.38 [gp < 2.6.18-8] [gp > 2.6.18-8 < 2.6.19-4] [gentoo < 2.6.18-r6] [gentoo > 2.6.18-r6 < 2.6.19-r3]