Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 21MAR2005)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (6a60dcc7566d6e55e403322b85680b5a)

Applies to

Package: kernel-s390
kernel-source
kernel-syms
Product(s): SUSE CORE 9 for IBM S/390 31bit
Patch: patch-9964
Release: 20050321
Obsoletes: e54aa86dc0a5cd39a39d1f7828e54635

Indications

Everyone using the Linux Kernel should update.

Contraindications

None.

Problem description

This update fixes the following security issues:
  • CAN-2005-0449: The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
  • CAN-2005-0209: When forwarding fragmented packets, we can only use hardware assisted checksum once.
  • CAN-2005-0529: Linux kernels before 2.6.11 use different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
  • CAN-2005-0530: Signedness error in the copy_from_read_buf function in n_tty.c before Linux kernel 2.6.11 allows local users to read kernel memory via a negative argument.
  • Missing checking in the epoll system calls allowed overwriting of a small range of kernel memory.
  • A integer overflow was possible when writing to a sysfs file, allowing an attacker to overwrite kernel memory.
  • CAN-2005-0136: Fixed a local denial of service problem on ia64 which was possible to trigger by using the ptrace system call.
  • CAN-2005-0532: The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c before Linux kernel 2.6.11, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
  • CAN-2005-0135: Fixed a local denial denial of service problem against unwind on the IA64 platform.
  • CAN-2005-0384: Fixed a local denial of service attack in the kernel PPP code.
  • CAN-2005-0210: A dst leak problem in the ip_conntrack module of the iptables firewall was fixed.
  • CAN-2005-0504: Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x allows local users to execute arbitrary code via a certain modified length value.
  • Only root should be able to set the N_MOUSE line discipline, this is a partial fix for CAN-2004-0814.
  • Due to an xattr sharing bug in the ext2 and ext3 filesystems, default ACLs could disappear.
This update fixes the following bugs:
  • Superblock updates that experience write failures to a software raid component device, do not fail the device out of the software raid.
  • Fixed the raw device ioctl to correctly use userspace pointers.
  • Assigning a IPv6 address to a pppd device could crash the kernel.
  • mdadm did not correctly activate multipath configurations.
  • Fixed md multipath assembly and various md RAID races.
  • Reading specific /proc files (like for instance the 'ps' command does) could crash the system under some circumstances.
  • Fixed a problem in toss_page_cache_nodes introduced by SP1.
  • amd64: CMP numa node detection for AMD dual core backport added.
  • Fixed glibc "make check" problem by fixing bogus ECHILD return values from wait* function when the group leader already was a zombie process.
  • Fix releasepage on delalloc buffers with small blocksizes on XFS filesystems.
  • Prevent a race condition between skb_unlink and kfree_skb in ARP handling.
  • Fix endless loop when syncing an array that doesn't need any resync.
  • Fixed a slow memory leak on superblock updates.
  • Various bugs in XFS / NFS filesystem interaction were fixed.
  • Fixed a problem in the aio-stress testcase on XFS.
  • Enabled the missing heap-stack-gap sysctl.
  • Redundant Write-Back in Receive Descriptor Ring caused memory corruption in the ixgb gigabit ethernet card driver.
  • Fixed a deadlock due to race between truncate and direct io write in the XFS filesystem.
  • Fixed a performance problem in DMAPI by dropping the big kernel lock temporary.
  • Fixed some XFS hash performance problems.
  • Fix PDH console on HP rx1600.
  • Allow allocating shared mem segments bigger than 2 GB.
Additional kernel module had bugs fixed:
  • NSS: Several stability problems were fixed.
  • antivir / dazuko.ko: The capability handling of this module was broken and was fixed by a version upgrade.
  • drbd: A slow memory leak in drbd was fixed.
This security Update contains also the following fixes:
  • Problem-ID: 13698 cio: I/O can not be stopped after vary off.
  • Problem-ID: 13883 kernel: swap size is limited to 4GB. (this applies to 64-bit only)
  • Problem-ID: 7141 qeth: dhcpcd does not work.
  • Problem-ID: 13601 qeth: qethconf ipa list failed after adding a vipa or parp address.
  • Problem-ID: 12854 tape: Tar or DB/2 backup hangs.
  • Problem-ID: 13816 zfcp: Error in handler of FSF requests 'Send FCP Command'.
  • Problem-ID: 12541 cio: Setting a CHPID logically offline raises an i/o error.
A complete describtion of the fixes can be found at http://awlinux1.alphaworks.ibm.com/developerworks/linux390/index.shtml
In addition the following was fixed for the 64-Bit system. On these systems it was only possible to allocate shared memory up to 2 GByte. This limit was removed. (Bug 65754)
This kernel also includes a new module to access disk devices in raw mode (Raw-module).
Warning: Using DASDs as raw devices on zSeries
1. Accessing whole DASDs as raw devices almost certainly leads to data inconsistencies. 2. Ensure that your applications use the block size of your DASD or a multiple thereof.
Readme for using raw devices with DASDs on zSeries
The raw device driver is a legacy driver for writing unbuffered data to disk, for example, database transaction logs. Modern applications use O_DIRECT for writing unbuffered data.
Be sure to use a partition when accessing your raw device. To use an entire disk space as a raw device, create a single partition that comprises the entire disk and access that partition as the raw device.
DASDs can be formatted with different block sizes and, typically, use 4 KB. Your application must use the block size of your DASD or a multiple thereof.
Read or write requests with a block size smaller than that of the DASD will cause the operation to fail. Because other disk devices typically use a block size of 512 Bytes, many applications use 512 Bytes. Aim to use as large a block size as possible in your application. If necessary, use dasdfmt to change the block size of your DASD. The smallest block size you can use is 512 Bytes.
The following example shows how you can test if your setup is correct. Replace the "512" in "bs=512" to the blocksize of your application if your application requires a blocksize other than 512 Bytes. Note, a blocksize smaller than 4kB will degrade performance and available disk space.
Warning: This test erases the data on your device. Be sure not to use it on devices with data that are still required.
# dd if=/dev/zero of=/dev/raw/raw1 bs=512 count=100 # dd if=/dev/raw/raw1 bs=512 count=100 | od -atx1 0000000 nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 100+0 records in 100+0 records out 0144000
If od returns anything but zeroes, the setup is not correct.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh kernel-s390.rpm kernel-syms.rpm zipl
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Micro Focus