Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 21MAR2005)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (33bbbc88aace49aa6b5ad80876cc4083)

Applies to

Package: kernel-64k-pagesize
kernel-default
kernel-sn2
kernel-source
kernel-debug
kernel-syms
Product(s): SUSE CORE 9 for Itanium Processor Family
Patch: patch-9961
Release: 20050321
Obsoletes: 6fd91cc1290841e45278b5d6c826fd8b

Indications

Everyone using the Linux Kernel on IPF architecture should update.

Contraindications

None.

Problem description

This update fixes the following security issues:
  • CAN-2005-0449: The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
  • CAN-2005-0209: When forwarding fragmented packets, we can only use hardware assisted checksum once.
  • CAN-2005-0529: Linux kernels before 2.6.11 use different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
  • CAN-2005-0530: Signedness error in the copy_from_read_buf function in n_tty.c before Linux kernel 2.6.11 allows local users to read kernel memory via a negative argument.
  • Missing checking in the epoll system calls allowed overwriting of a small range of kernel memory.
  • A integer overflow was possible when writing to a sysfs file, allowing an attacker to overwrite kernel memory.
  • CAN-2005-0136: Fixed a local denial of service problem on ia64 which was possible to trigger by using the ptrace system call.
  • CAN-2005-0532: The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c before Linux kernel 2.6.11, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
  • CAN-2005-0135: Fixed a local denial denial of service problem against unwind on the IA64 platform.
  • CAN-2005-0384: Fixed a local denial of service attack in the kernel PPP code.
  • CAN-2005-0210: A dst leak problem in the ip_conntrack module of the iptables firewall was fixed.
  • CAN-2005-0504: Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x allows local users to execute arbitrary code via a certain modified length value.
  • Only root should be able to set the N_MOUSE line discipline, this is a partial fix for CAN-2004-0814.
  • Due to an xattr sharing bug in the ext2 and ext3 filesystems, default ACLs could disappear.
This update fixes the following bugs:
  • Superblock updates that experience write failures to a software raid component device, do not fail the device out of the software raid.
  • Fixed the raw device ioctl to correctly use userspace pointers.
  • Assigning a IPv6 address to a pppd device could crash the kernel.
  • mdadm did not correctly activate multipath configurations.
  • Fixed md multipath assembly and various md RAID races.
  • Reading specific /proc files (like for instance the 'ps' command does) could crash the system under some circumstances.
  • Fixed a problem in toss_page_cache_nodes introduced by SP1.
  • amd64: CMP numa node detection for AMD dual core backport added.
  • Fixed glibc "make check" problem by fixing bogus ECHILD return values from wait* function when the group leader already was a zombie process.
  • Fix releasepage on delalloc buffers with small blocksizes on XFS filesystems.
  • Prevent a race condition between skb_unlink and kfree_skb in ARP handling.
  • Fix endless loop when syncing an array that doesn't need any resync.
  • Fixed a slow memory leak on superblock updates.
  • Various bugs in XFS / NFS filesystem interaction were fixed.
  • Fixed a problem in the aio-stress testcase on XFS.
  • Enabled the missing heap-stack-gap sysctl.
  • Redundant Write-Back in Receive Descriptor Ring caused memory corruption in the ixgb gigabit ethernet card driver.
  • Fixed a deadlock due to race between truncate and direct io write in the XFS filesystem.
  • Fixed a performance problem in DMAPI by dropping the big kernel lock temporary.
  • Fixed some XFS hash performance problems.
  • Fix PDH console on HP rx1600.
  • Allow allocating shared mem segments bigger than 2 GB.
Additional kernel module had bugs fixed:
  • NSS: Several stability problems were fixed.
  • antivir / dazuko.ko: The capability handling of this module was broken and was fixed by a version upgrade.
  • drbd: A slow memory leak in drbd was fixed.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system.
First, find out which kernel package to download and use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and install it with either:
  • rpm -Fvh kernel-syms*.rpm kernel-default*.rpm for the default kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-64k-pagesize*.rpm for the 64k page size kernel image, or
  • rpm -Fhv kernel-syms*.rpm kernel-sn*.rpm for the SGI SN2 (Altix) image
Please do only install one of these kernels, not all of them.
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates