Novell is now a part of Micro Focus

Security update for Linux kernel


(Last modified: 15FEB2006)

solutions Security update for Linux kernel
SuSE Linux Maintenance Web (804a98a9ce388ec8e0c1400aa2d7a687)

Applies to

Package: kernel-default
Product(s): SUSE CORE 9 for IBM POWER
Patch: patch-10868
Release: 20060215
Obsoletes: d7cdf3f9e013e5d85aa53fce478a2222


Everyone using the Linux Kernel on PPC architecture should update.



Problem description

This update fixes the following security problems:
  • CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine.
  • CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine.
  • CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS filesystems and so circumvent access control.
  • CVE-2005-3848: A dst_entry leak in the icmp_push_reply could be used to exhaust system memory. However this problem happens only on machines which are already nearly memory starved.
  • CVE-2005-3858: A memory leak in the ip6_input_finish function in ip6_input.c might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
Additionally the following non-security bugs were fixed:
  • IA64: Avoid intermediate-overflows in sched_clock.
  • Fail IO request to md that require a barrier.
  • The wrong IPMI id was used in panic event.
  • XFS: log_runout_diagnostics output improved (SGI:PV947110).
  • Avoid early oom conditions without swap on SMP systems with high memory configurations.
  • Fixed memory ordering problem in wake_futex.
  • Fixed route flush permissions (write only).
  • Fixed an error in scsi_sequential_lun_scan().
  • Fixed Altix BTE error handling.
  • Fixes a memory leak with I/O errors in async I/O.
  • Make sure not to leave unfreeable buffers around with truncate on ext3 filesystems.
  • Fixed a potential readahead deadlock on SMP systems.
  • Fixed a deadlock with ip_queue and the tcp local input path.
  • Fixed wrong qeth link status.
  • Fixed a NULL pointer dereference with bonding in the qeth driver.
  • PPC64: Fixed the time syscall not to go backwards occasionaly.
  • The d_drop function now uses the per dentry lock.
  • Allow fsync() on NFS directories.
  • Fixed a statd/lockd oops when lockd fails to start.
  • Fixed a crash in bio bounce handling.
  • Support x86-64 machines with more than 128GB of RAM.
  • PPC64: Add early boot console for PCI serial cards.
  • If a block elevator request is killed before submission, make sure we wakeup waiters.
  • PPC64: Set next_jiffy_update_tb when onlining a new cpu.
  • Don't log atapi stat == 0x51 errors for ATAPI commands.
  • Added the kzalloc API (for OCFS2).
  • Added debugfs dummy stubs (for OCFS2).
  • OCFS2 was updated to 1.1.8 (from Oracle).
  • Sanity check number of interfaces in the sgiioc4 driver.
  • Allow netpoll_setup() to fix local_ip.
  • PPC64: Use correct buffersize for sg_inq command in vioscsi.
  • Fixed packet loss in e1000 driver when sending a large size datagram.
  • Fix netif_carrier_ok() issue for Tornado cards.
  • Wait for ACK on keyboard commands in KDB to avoid confusing i8042 init.
  • Fixed a gigabit ethernet (e1000 driver) slowdown with Jumbo frames.


Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system.
First, find out which kernel package to use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and install it with either:
  • rpm -Fvh kernel-syms*.rpm kernel-default*.rpm for the default kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-iseries64*.rpm for the 64 bit iSeries kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-pseries64*.rpm for the 64 bit pSeries kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-smp*.rpm for the SMP kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-pmac64*.rpm for the 64 bit PPC kernel image
Please do only install one of these kernels, not all of them.
After performing the RPM package update of your kernel package, you must execute the following commands as root to make sure that your system will start up again:
mk_initrd lilo
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates