Description of problem: Tobias Klein reported that the snd_seq_oss_synth_make_info() function incorrectly reports information to userspace without first checking for the validity of the device number, leading to possible information leak.
Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=82e68f7ffec3800425f2391c8c86277606860442
Created attachment 313512 [details] Upstream patch for this issue
This was addressed via: MRG Realtime for RHEL 5 Server (RHSA-2008:0857) Red Hat Enterprise Linux version 5 (RHSA-2008:0885) Red Hat Enterprise Linux version 4 (RHSA-2008:0972)