Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 21MAR2005)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (2558830537429cdedb543926fd6344a8)

Applies to

Package: kernel-default
kernel-smp
kernel-source
kernel-syms
Product(s): SUSE CORE 9 for AMD64 and Intel EM64T
Novell Linux Desktop 9 for x86_64
Patch: patch-9962
Release: 20050321
Obsoletes: none

Indications

Everyone using the Linux Kernel on x86_64 architecture should update.

Contraindications

None.

Problem description

This update fixes the following security issues:
  • CAN-2005-0449: The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
  • CAN-2005-0209: When forwarding fragmented packets, we can only use hardware assisted checksum once.
  • CAN-2005-0529: Linux kernels before 2.6.11 use different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
  • CAN-2005-0530: Signedness error in the copy_from_read_buf function in n_tty.c before Linux kernel 2.6.11 allows local users to read kernel memory via a negative argument.
  • Missing checking in the epoll system calls allowed overwriting of a small range of kernel memory.
  • A integer overflow was possible when writing to a sysfs file, allowing an attacker to overwrite kernel memory.
  • CAN-2005-0136: Fixed a local denial of service problem on ia64 which was possible to trigger by using the ptrace system call.
  • CAN-2005-0532: The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c before Linux kernel 2.6.11, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
  • CAN-2005-0135: Fixed a local denial denial of service problem against unwind on the IA64 platform.
  • CAN-2005-0384: Fixed a local denial of service attack in the kernel PPP code.
  • CAN-2005-0210: A dst leak problem in the ip_conntrack module of the iptables firewall was fixed.
  • CAN-2005-0504: Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x allows local users to execute arbitrary code via a certain modified length value.
  • Only root should be able to set the N_MOUSE line discipline, this is a partial fix for CAN-2004-0814.
  • Due to an xattr sharing bug in the ext2 and ext3 filesystems, default ACLs could disappear.
This update fixes the following bugs:
  • Superblock updates that experience write failures to a software raid component device, do not fail the device out of the software raid.
  • Fixed the raw device ioctl to correctly use userspace pointers.
  • Assigning a IPv6 address to a pppd device could crash the kernel.
  • mdadm did not correctly activate multipath configurations.
  • Fixed md multipath assembly and various md RAID races.
  • Reading specific /proc files (like for instance the 'ps' command does) could crash the system under some circumstances.
  • Fixed a problem in toss_page_cache_nodes introduced by SP1.
  • amd64: CMP numa node detection for AMD dual core backport added.
  • Fixed glibc "make check" problem by fixing bogus ECHILD return values from wait* function when the group leader already was a zombie process.
  • Fix releasepage on delalloc buffers with small blocksizes on XFS filesystems.
  • Prevent a race condition between skb_unlink and kfree_skb in ARP handling.
  • Fix endless loop when syncing an array that doesn't need any resync.
  • Fixed a slow memory leak on superblock updates.
  • Various bugs in XFS / NFS filesystem interaction were fixed.
  • Fixed a problem in the aio-stress testcase on XFS.
  • Enabled the missing heap-stack-gap sysctl.
  • Redundant Write-Back in Receive Descriptor Ring caused memory corruption in the ixgb gigabit ethernet card driver.
  • Fixed a deadlock due to race between truncate and direct io write in the XFS filesystem.
  • Fixed a performance problem in DMAPI by dropping the big kernel lock temporary.
  • Fixed some XFS hash performance problems.
  • Fix PDH console on HP rx1600.
  • Allow allocating shared mem segments bigger than 2 GB.
Additional kernel module had bugs fixed:
  • NSS: Several stability problems were fixed.
  • antivir / dazuko.ko: The capability handling of this module was broken and was fixed by a version upgrade.
  • drbd: A slow memory leak in drbd was fixed.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh kernel-*.rpm
In case you are using LILO as bootmanager, please make sure that you also execute the command
lilo
after installing the update for the system to remain bootable.
Finally, reboot the system with
shutdown -r now

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Micro Focus