Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 31JAN2005)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (6c7439aa4c1c8463a80d807d6dccf9f9)

Applies to

Package: kernel-default
kernel-smp
kernel-source
kernel-syms
Product(s): SUSE CORE 9 for AMD64 and Intel EM64T
Patch: patch-9826
Release: 20050131
Obsoletes: 114f15c90aac724a4d2fb27820a6ddc9
303377550ee97916c59afca6d7adf50f
c04aa0719a661fe434fc56b65125c187

Indications

Everyone using the Linux Kernel on x86_64 architecture should update.

Contraindications

None.

Problem description

This update fixes following security problems:
  • An NFS Direct I/O local denial of service could allow a local attacker to crash the machine.
  • A previous smbfs security fix was faulty, writes did no longer work on smbfs shares.
  • Unsigned vs signed problems in the generic scsi ioctl handler were reported by grsecurity. They have no impact due to the compiler using unsigned arithmetic, but are fixed nevertheless.
  • ppos /proc file race conditions in the mapped_base and oom_adjust proc files were fixed.
Following non security bugs were fixed:
  • A bug in the pciconfig sysfs interface could cause incorrect values to be read from and written to PCI config space.
  • A locking problem in CKRM could lead to a crash.
  • In low memory situations, large writes would not be serviced in a timely fashion.
  • The initialization of the bio->bi_bdev field was incorrect.
  • VFS callouts for flock were added.
  • MD on top of Device Mapper based devices was not working and lead to kernel crashes.
  • Non-fatal errors encountered during readahead operations caused the device mapper multipath to fail the hardware path.
  • A race condition in the kernel timer code could lead to kernel crashes under high load.
  • An inetaddr notification problem with SCTP could lead to machine crashes.
  • Lots of bugs and problems were fixed in the NSS Netware Storage System module.
  • Several bugs in the DRBD device driver were fixed.
Following updates for x86-64 architecture:
  • CPU detection was moved to an earlier stage so that clustered APIC mode can be turned off reliably on AMD hardware.
  • The 32bit vsyscall page was incorrectly marked GLOBAL which could lead to TLB corruptions.
  • The number of MP busses was too low.
  • A signedness issues in the signal register set lead to incorrect evaluation of systemcall results.
  • A TLB context switch bug was partially fixed.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
First, find out which kernel package to download and use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and install it with either:
  • rpm -Fvh kernel-syms*.rpm kernel-default*.rpm for the default kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-smp*.rpm for the SMP kernel image
Please do only install one of these kernels, not all of them.
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Micro Focus