Security update for Linux kernel
(Last modified: 20JAN2005)
solutions Security update for Linux kernel SuSE Linux Maintenance Web (85e05760b3103f0f201e798508c3e7cb)
Product(s): SUSE CORE 9 for IBM zSeries 64bit
- An unlocked VM operation could lead to a local user gaining root access using a handcrafted ELF binary and the uselib system call. This problem was found by Paul Starzetz and has been assigned the Mitre CVE ID CAN-2004-1235.
- A race condition in the SMP page fault handler could lead to a local attacker gaining root access on SMP machines. This problem was also found by Paul Starzetz and has been assigned the Mitre CVE ID CAN-2005-001.
- A problem in the earlier cmsg / sendmsg security fix was identified and fixed which could lead 32bit applications on a 64bit system (like i386 binaries on x86_64, or PowerPC binaries on a PowerPC64 system) to handle the sendmsg call incorrectly.
- An incomplete fix of the IGMP problem in the last update was replaced by the final approved fix.
- The smbfs fixes done 2 security updates ago were broken for writing files. This has been fixed.
- grsecurity reported a possible signedness problem in the generic scsi ioctl handler.
- Bad handling of oversized NFS Direct I/O request could lead to a local denial of service attack.
rpm -Fvh kernel-s390x.rpm kernel-source.rpm kernel-syms.rpm zipl
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)
Download Source Packages
Download the source code of the patches for maintained products.