Candidate: CVE-2005-3858 References: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=f982542ed2f495cbe94e6d9001878f27ea738b36 MISC:http://lkml.org/lkml/2005/8/26/175 Description: ip6_input_finish() contains a memory leak in Linux kernels prior to 2.6.12.6 and 2.6.13. This could potentially be used to trigger a remote denial of service (DoS) attack. Notes: dannf> Though the code in 2.4 is quite different, it looks to me like the dannf> 2.4 code could be vulnerable. Bugs: upstream: released (2.6.12.6, 2.6.13) linux-2.6: N/A 2.6.8-sarge-security: released (2.6.8-16sarge2) 2.4.27-sarge-security: released (2.4.27-10sarge2) [189_ipv6-skb-leak.diff] 2.4.27-sid: released (2.4.27-12) [189_ipv6-skb-leak.diff] 2.4.19-woody-security: 2.4.18-woody-security: 2.4.17-woody-security: 2.4.16-woody-security: 2.4.17-woody-security-hppa: 2.4.17-woody-security-ia64: 2.4.18-woody-security-hppa: