Candidate: CVE-2004-0178
References:
 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
 http://www.debian.org/security/2004/dsa-479
 http://www.debian.org/security/2004/dsa-480
 http://www.debian.org/security/2004/dsa-481
 http://www.debian.org/security/2004/dsa-482
 http://www.debian.org/security/2004/dsa-489
 http://www.debian.org/security/2004/dsa-491
 http://www.debian.org/security/2004/dsa-495
 http://security.gentoo.org/glsa/glsa-200407-02.xml
 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
 http://www.redhat.com/support/errata/RHSA-2004-413.html
 http://www.redhat.com/support/errata/RHSA-2004-437.html
 ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
 http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
 http://www.ciac.org/ciac/bulletins/o-121.shtml
 http://www.ciac.org/ciac/bulletins/o-127.shtml
 http://www.ciac.org/ciac/bulletins/o-193.shtml
 http://www.securityfocus.com/bid/9985
 http://xforce.iss.net/xforce/xfdb/15868
Description:
 The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26,
 when operating in 16 bit mode, does not properly handle certain sample sizes,
 which allows local users to cause a denial of service (crash) via a sample
 with an odd number of bytes.
Notes:
 jmm> I've verified that above patch is included in 2.6.8
Bugs:
upstream: released (2.4.26-pre3)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: released (2.4.19-4.woody2)
2.4.18-woody-security: released (2.4.18-14.3)
2.4.17-woody-security: released (2.4.17-1woody3)
2.4.16-woody-security: released (2.4.16-1woody2)
2.4.17-woody-security-hppa: released (32.4, 62.3)
2.4.17-woody-security-ia64: released (011226.17)
2.4.18-woody-security-hppa: released (62.3)