Candidate: CVE-2006-5619 References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6 Description: The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6.16, 2.6.17, and 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. Ubuntu-Description: James Morris discovered that the ip6fl_get_n() function incorrectly handled flow labels. A local attacker could exploit this to crash the kernel. Notes: dannf> This code does not appear to be present in 2.4 Bugs: upstream: released (2.6.18.2) linux-2.6: released (2.6.18-4) 2.6.8-sarge-security: released (2.6.8-16sarge6) [ip6_flowlabel-lockup.dpatch] 2.4.27-sarge-security: N/A 2.6.12-breezy-security: released (2.6.12-10.41) 2.6.15-dapper-security: released (2.6.15-27.49) 2.6.17-edgy-security: released (2.6.17.1-10.34) 2.6.19-feisty: released