Security update for Linux kernel (kernel-source)
(Last modified: 05DEC2002)
solutions Security update for Linux kernel (kernel-source) SuSE Linux Maintenance Web (7023b8b561fe466dff48180dfc15ad24)
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Office Server
The TCP SYN-RST bug is a remote bug in the sense that a packet having both the SYN and the RST flags set will be accepted, while packet filters often target SYN-only flagged TCP packets. The error fixed in the
ip_conntrackpart of the netfilter code addresses a problem where an attacker can establish entries in the connection tracking table of established connections even if the packets in question do not have valid TCP sequence numbers. This can result in a denial of service attack when the table gets filled up.
The list of security bugs resolved:
- a mass exit race condition
- security fix and memory leak fix in
- fix in trace flag (TF flag) handling (hangs the system)
- nested task flag (NT flag) handling (hangs the system)
- fix the handling of TCP SYN-RST packets that can bypass filter rules that match SYN only
/proc/cmdlinekernel memory exposure
- fix in
ip_conntrack(SYN/ACK handling, DoS)
rpm -Uvh kernel-source.rpm
Please note that you'll need updated kernel modules and utilities if you are updating from kernel 2.4.7.
Download Source Packages
Download the source code of the patches for maintained products.
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.