
Security update for Linux kernel


(Last modified: 17FEB2006)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (34f03dfffcde711fd59b2f89adf275de)

Applies to

Package:     kernel-bigsmp
             kernel-default
             kernel-smp
             kernel-source
             kernel-um
             kernel-debug
             kernel-syms
             um-host-kernel
             um-host-install-initrd
Product(s):  SUSE CORE 9 for x86
             Novell Linux Desktop 9 for x86
             Novell Linux POS 9
             Open Enterprise Server
Patch:       patch-10880
Release:     20060217
Obsoletes:   305fe3a09b78299cbe55e8a5e6c3dec4

Indications

Everyone using the Linux Kernel on x86 architecture should update.

Contraindications

None.

Problem description

This update fixes the following security problems:
  • CVE-2005-3356: A double decrement in the mq_open system call could allow local users to crash the machine.
  • CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine.
  • CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS filesystems and so circumvent access control.
  • CVE-2005-3848: A dst_entry leak in the icmp_push_reply function could be used to exhaust system memory. However, this problem occurs only on machines that are already nearly memory starved.
  • CVE-2005-3858: A memory leak in the ip6_input_finish function in ip6_input.c might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
Additionally, the following non-security bugs were fixed:
  • IA64: Avoid intermediate-overflows in sched_clock.
  • Fail I/O requests to md that require a barrier.
  • The wrong IPMI id was used in panic event.
  • XFS: log_runout_diagnostics output improved (SGI:PV947110).
  • Avoid early oom conditions without swap on SMP systems with high memory configurations.
  • Fixed memory ordering problem in wake_futex.
  • Fixed route flush permissions (write only).
  • Fixed an error in scsi_sequential_lun_scan().
  • Fixed Altix BTE error handling.
  • Fixed a memory leak with I/O errors in async I/O.
  • Make sure not to leave unfreeable buffers around with truncate on ext3 filesystems.
  • Fixed a potential readahead deadlock on SMP systems.
  • Fixed a deadlock with ip_queue and the tcp local input path.
  • Fixed wrong qeth link status.
  • Fixed a NULL pointer dereference with bonding in the qeth driver.
  • PPC64: Fixed the time syscall not to go backwards occasionally.
  • The d_drop function now uses the per dentry lock.
  • Allow fsync() on NFS directories.
  • Fixed a statd/lockd oops when lockd fails to start.
  • Fixed a crash in bio bounce handling.
  • Support x86-64 machines with more than 128GB of RAM.
  • PPC64: Add early boot console for PCI serial cards.
  • If a block elevator request is killed before submission, make sure we wake up waiters.
  • PPC64: Set next_jiffy_update_tb when onlining a new cpu.
  • Don't log atapi stat == 0x51 errors for ATAPI commands.
  • Added the kzalloc API (for OCFS2).
  • Added debugfs dummy stubs (for OCFS2).
  • OCFS2 was updated to 1.1.8 (from Oracle).
  • Sanity check number of interfaces in the sgiioc4 driver.
  • Allow netpoll_setup() to fix local_ip.
  • PPC64: Use correct buffersize for sg_inq command in vioscsi.
  • Fixed packet loss in e1000 driver when sending a large size datagram.
  • Fix netif_carrier_ok() issue for Tornado cards.
  • Wait for ACK on keyboard commands in KDB to avoid confusing i8042 init.
  • Fixed a gigabit ethernet (e1000 driver) slowdown with Jumbo frames.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system.
First, find out which kernel package to download and use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and the kernel symbols (kernel-syms*.rpm) and install it with either:
  • rpm -Fvh kernel-syms*.rpm kernel-default*.rpm for the default kernel image, or
  • rpm -Fhv kernel-syms*.rpm kernel-smp*.rpm for the SMP kernel image with support for up to 64 GB, or
  • rpm -Fhv kernel-syms*.rpm kernel-bigsmp*.rpm for the SMP kernel image with support for up to 64 GB
Please install only one of these kernels, not all of them.
If you are using LILO as the boot manager, please make sure that you also execute the command
lilo
after installing the update for the system to remain bootable.
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)
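
The steps above as a dry-run helper (an added example, not part of the original advisory): it picks exactly one kernel flavour from the `rpm -qf /boot/vmlinuz` output, adds the `lilo` step only when LILO is the boot loader, and prints the commands instead of running them. The function names, the sample package string and the use of LOADER_TYPE in /etc/sysconfig/bootloader to detect the boot loader are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for the installation notes above.
# It only prints the commands; nothing is installed or rebooted.

# Map `rpm -qf /boot/vmlinuz` output (NAME-VERSION-RELEASE) to a package name.
# Only the three flavours the notes give an install command for are accepted.
kernel_flavor() {
    case "$1" in
        kernel-default-[0-9]*) echo kernel-default ;;
        kernel-smp-[0-9]*)     echo kernel-smp ;;
        kernel-bigsmp-[0-9]*)  echo kernel-bigsmp ;;
        *) echo "no install command in the notes for: $1" >&2; return 1 ;;
    esac
}

# Read the boot loader type. Assumption: the system records it as
# LOADER_TYPE in /etc/sysconfig/bootloader; pass another path to override.
boot_loader() {
    f=${1:-/etc/sysconfig/bootloader}
    t=
    if [ -r "$f" ]; then
        t=$(sed -n 's/^LOADER_TYPE=//p' "$f" | tr -d '"' | head -n 1)
    fi
    echo "${t:-unknown}"
}

# Print the update commands for exactly one flavour ($1) and loader ($2).
update_plan() {
    [ -n "$1" ] || return 1
    echo "rpm -Fvh kernel-syms*.rpm $1*.rpm"
    case "$2" in
        lilo)    echo "lilo" ;;
        unknown) echo "# boot loader unknown: run lilo first if LILO is in use" ;;
    esac
    echo "shutdown -r +5"
}

# Constructed sample input; on a real system use:
#   update_plan "$(kernel_flavor "$(rpm -qf /boot/vmlinuz)")" "$(boot_loader)"
update_plan "$(kernel_flavor "kernel-smp-0.0.0-0")" lilo
```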

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
