Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 27SEP2004)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (08bc707557dbbf09c09a3b832ea06959)

Applies to

Product(s): SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries

Package: k_deflt
kernel-source
Release: 20040927
Obsoletes: ab8757bb47418326e9b5c48edc5dc065

Indications

Everyone using the Linux Kernel should update.

Contraindications

None.

Problem description

This updates fixes following security issues:
  • A kNFSD security problem. An attacker with write access to an NFS share could crash the machine.
Additionally it fixes and addresses the following bugs:
All architectures:
  • Several auditing related problems were addressed and fixed.
  • Fixed a kiovec free Oops with LVM snapshotting.
  • Fix race condition in sg.c I/O completion.
  • Use asynchronous keventd to avoid async IO deadlock.
  • Fixed several scsi scan issues, especially ghost luns.
  • Fixed NFSD exiting on TCP recvfrom errors.
  • On encountering I/O errors on write, make sure we return -EIO.
  • Prevent kernel oops in ip6t_LOG (with ipv6 firewalling enabled).
  • Fix JFS resize bug on big-endian architectures.
  • New drbd module, version 0.6.13, fixes data corruption if secondary node fails during sync.
  • Build drbd module correctly on x86_64.
Platform specific issues:
  • s390: fixed mmap segmentation fault on error. LTC#10008/
  • s390: do not modify the stat buffer on error return.
  • s390: Added official code drops 13,14,15,16 from IBM.
  • s390: Disable CONFIG_UID16 for s390x.
  • s390: drop broadcast packets if qeth cannot handle them.
For a detailed description of the list of solved Problem IDs from IBM look at:
http://www10.software.ibm.com/developerworks/opensource/linux390/june2003_recommended.shtml
  • Patch 13
    • Problem-ID: 7640 iucv: restart of multiple IUCV connections fails.
    • Problem-ID: 8210 kernel: mlock() gets stuck in get_user_pages/follow_page.
    • Problem-ID: 8394 qeth: module use count problem in performance statistics.
    • Problem-ID: 7036 zfcp: zfcp logs a wrong message when trying to register a LUN which is already in use.
  • Patch 14
    • Problem-ID: 9055 cio: Deferred cc=3 on BASIC SENSE leads to data corruption.
    • Problem-ID: 9211 network: multicast joins and drops not noticed by drivers.
    • Problem-ID: 9191 zfcp: performance patch 1/6.
    • Problem-ID: 9192 zfcp: performance patch 2/6.
    • Problem-ID: 9193 zfcp: performance patch 3/6.
    • Problem-ID: 9194 zfcp: performance patch 4/6.
    • Problem-ID: 9195 zfcp: performance patch 5/6.
    • Problem-ID: 9196 zfcp: performance patch 6/6.
    • Problem-ID: 8674 zfcp: scsi devices set offline.
    • Problem-ID: 7739 zfcp: unable to recover 'local link down' at init time.
  • Patch 15
    • Problem-ID: 9704 iucv: Connection lost with high network load.
    • Problem-ID: 8165 Kernel: Lost dirty bits.
    • Problem-ID: 9507 qdio: Omit SVS on z990.
    • Problem-ID: 7312 qdio: Null pointer deref in qdio_unmark_q.
    • Problem-ID: 9567 qdio: Lost initiative for OSA under LPAR.
    • Problem-ID: 9569 tape: Use of debug feature can produce kernel Oops.
    • Problem-ID: 9824 zfcp: Error recovery does not finish after a cable to an ESS ("Shark") is unplugged.
  • Patch 16
    • Problem-ID: 10222 dasd: Memory leak in dasd_statistics_write.
    • Problem-ID: 10529 kernel: Partition detection does not work on FBA volumes that have been prepared with CPFMTXA.
    • Problem-ID: 10614 kernel: Fix 31 bit emulation of mmap system call. (for s390x only)
    • Problem-ID: 10615 kernel: Fix 31 bit emulation of stat64, lstat64 and fstat64. (for s390x only)
    • Problem-ID: 9819 sclp: Console causes system to hang.
    • Problem-ID: 10757 sclp: Startup problem after reboot.
    • Problem-ID: 9757 zfcp: System hang on adapter detach.
    • Problem-ID: 10200 zfcp: Wrong return code of fsf_req_create.
    • Problem-ID: 10583 zfcp: IOCTL handler of CFDC does not check for FSF request completion status
    • Problem-ID: 10549 zfcp: Wrong handling of rejected ELS commands.
    • Problem-ID: 10709 zfcp: Possible adapter shutdown after invalid CT commands.
    • Problem-ID: 10599 z90crypt: Certain 31-bit ioctl calls are not accepted on 64-bit kernel. (for s390x only)
    • Problem-ID: 9373 z90crypt: Backport several bugfixes to service stream for 2.4.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh k_deflt.rpm zipl
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates