Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 16FEB2006)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (186f161a242ba9368a91d962ee345c3d)

Applies to

Package: kernel-s390x
kernel-source
kernel-syms
Product(s): SUSE CORE 9 for IBM zSeries 64bit
Patch: patch-10870
Release: 20060216
Obsoletes: 1f2b4081a5ba4f15cc346a662740a717

Indications

Everyone using the Linux Kernel should update.

Contraindications

None.

Problem description

This update fixes the following security problems:
  • CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine.
  • CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine.
  • CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS filesystems and so circumvent access control.
  • CVE-2005-3848: A dst_entry leak in the icmp_push_reply could be used to exhaust system memory. However this problem happens only on machines which are already nearly memory starved.
  • CVE-2005-3858: A memory leak in the ip6_input_finish function in ip6_input.c might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
Additionally the following non-security bugs were fixed:
  • IA64: Avoid intermediate-overflows in sched_clock.
  • Fail IO request to md that require a barrier.
  • The wrong IPMI id was used in panic event.
  • XFS: log_runout_diagnostics output improved (SGI:PV947110).
  • Avoid early oom conditions without swap on SMP systems with high memory configurations.
  • Fixed memory ordering problem in wake_futex.
  • Fixed route flush permissions (write only).
  • Fixed an error in scsi_sequential_lun_scan().
  • Fixed Altix BTE error handling.
  • Fixes a memory leak with I/O errors in async I/O.
  • Make sure not to leave unfreeable buffers around with truncate on ext3 filesystems.
  • Fixed a potential readahead deadlock on SMP systems.
  • Fixed a deadlock with ip_queue and the tcp local input path.
  • Fixed wrong qeth link status.
  • Fixed a NULL pointer dereference with bonding in the qeth driver.
  • PPC64: Fixed the time syscall not to go backwards occasionaly.
  • The d_drop function now uses the per dentry lock.
  • Allow fsync() on NFS directories.
  • Fixed a statd/lockd oops when lockd fails to start.
  • Fixed a crash in bio bounce handling.
  • Support x86-64 machines with more than 128GB of RAM.
  • PPC64: Add early boot console for PCI serial cards.
  • If a block elevator request is killed before submission, make sure we wakeup waiters.
  • PPC64: Set next_jiffy_update_tb when onlining a new cpu.
  • Don't log atapi stat == 0x51 errors for ATAPI commands.
  • Added the kzalloc API (for OCFS2).
  • Added debugfs dummy stubs (for OCFS2).
  • OCFS2 was updated to 1.1.8 (from Oracle).
  • Sanity check number of interfaces in the sgiioc4 driver.
  • Allow netpoll_setup() to fix local_ip.
  • PPC64: Use correct buffersize for sg_inq command in vioscsi.
  • Fixed packet loss in e1000 driver when sending a large size datagram.
  • Fix netif_carrier_ok() issue for Tornado cards.
  • Wait for ACK on keyboard commands in KDB to avoid confusing i8042 init.
  • Fixed a gigabit ethernet (e1000 driver) slowdown with Jumbo frames.
Additional Infos for s390
Patchcluster 33
  • Problem-ID: 20061 - NULL pointer dereference with bonding and VLAN device
  • Problem-ID: 20207 - qeth: link carrier status wrong when device is offline
  • Problem-ID: 20475 - kernel: magic sysrq-t addressing exception
  • Problem-ID: 19146 - zfcp: ensure that scsi cmds w/o failfast flag undergo normal scsi stack error recovery
  • Problem-ID: 20314 - zfcp: do not log fsf request and scsi command during scsi device reset
  • Problem-ID: 20114 - zfcp: IPL not completed when FCP link unplugged
  • Problem-ID: 20908 - qeth: Kernel Oops due to NULL pointer dereference
  • Problem-ID: 21239 - kernel: Spinlock performance degradation.
  • Problem-ID: 21241 - qeth: Kernel panic when using EDDP in Layer 2 mode
  • Problem-ID: 21247 - qeth: Problem using echo to add vipa address
  • Problem-ID: 17612 - lcs: LCS device drops too many packets on a flood ping.
Patchcluster 34
Patch-34-1: Fix for Problem-ID 21445: Description: dasd: Fixed open_count usage. Symptom: Possible to start second dasdfmt on same device. Problem: The open_count is increased for every opener, that includes the blkdev_get in dasd_scan_partitions. This tampers the open_count in BIODASDINFO. Solution: Hide the internal open from user-space.
For further description of the named Problem-IDs, please look at IBM developerWorks.
When rebooting the Linux on zSeries z/VM guests, please ensure that you have installed the PTFs for APAR VM63742:
  • z/VM 4.4: UM31426
  • z/VM 5.1: UM31428
Otherwise re-boot under z/VM will not work anymore.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh kernel-s390x.rpm kernel-source.rpm kernel-syms.rpm zipl
When rebooting the Linux on zSeries z/VM guests, please ensure that you have installed the PTFs for APAR VM63742:
  • z/VM 4.4: UM31426
  • z/VM 5.1: UM31428
Otherwise re-boot under z/VM will not work anymore.
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates