Security update for Linux Kernel (k_athlon)

Knowledgebase

(Last modified: 15NOV2002)

solutions Security update for Linux Kernel (k_athlon) SuSE Linux Maintenance Web (45b103eb731fd1848be9fff9476ca823)

Applies to

Product(s): SuSE Linux Enterprise Server 8 for x86
SuSE Linux Openexchange Server 4

Package: k_athlon
Release: 20021115
Obsoletes: none

Indications

Everyone should install this update.

Contraindications

None.

Description

This kernel update includes the following fixes:

Fix for a security problem where local unpriviledged users can crash the machine by abusing the nested task (NT) flag.
Fix for a security problem where local unpriviledged users can crash the machine by setting the TF flag in a carefully constructed binary.
Fix for a problem in the tcp connection tracking code that could allow an attacker to make a machine unaccessible via the network for long time.
Due to a longstanding race in the kernel processes could stall for an indefinite time under certain load patterns.
Accessing the proc files of the gdth driver (Intel/former ICP vortex) could lead to an oops. Accessing those files is vital for the management tools of this driver. Reason for the problem was not a driver bug, but some generic bug in the SCSI code that could potentially affect other drivers as well.
The unicon support could overwrite memory on systems with regular VGA cards without support for double byte output. The problem only exists when the system was booted in VGA mode. When booted in framebuffer mode or when running X the problem is not present. Also several security issues in the unicon support have been fixed.
Fix for largepage on SHM.
Fix for a potential deadlock in the ACL code.
Fix for a machine hang when unmounting a JFS filesystem.
Fix USB support for Unisys ES7000 machines.
When the IO-APIC mode was enabled, this could lead to non-functional interrupts on certain boards with VIA 686A/B southbridge because nr_ioapics was not always correctly initialized. This has been fixed.
Fix a longstanding SMP race in msgrcv that could lead to application failures in certain situations.
Update JFS to version 1.0.24; several important fixes.
The write barrier feature could lead to hanging machines on some systems with multiple IDE disks. The feature turned out to be buggy anyway, so was removed. No regression compared to the official kernel.

Driver updates

IBM ServeRaid driver updated to 6.0.0. Previous versions were not 64bit clean, hence they did not work on ia64 systems.
Update of the 3ware driver to version 1.02.00.031; previous version were not 64bit clean.
The bcm5700 was leaking memory maps at least on x86_64. Update to the new driver version 4.0.
Update vtune driver to version 0.908.

New feature

Hangcheck modules that add some additional form of watchdog. This has been implemented with additional kernel modules that don't change anything in the rest of the kernel. So this has no impact unless the modules are explicitly loaded

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh k_athlon.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.