
Security update for Linux kernel


(Last modified: 15FEB2006)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (87c56bb926a498cfdb5b0219c188f773)

Applies to

Package: kernel-default, kernel-smp, kernel-source, kernel-syms
Product(s): SUSE CORE 9 for AMD64 and Intel EM64T; Novell Linux Desktop 9 for x86_64
Patch: patch-10867
Release: 20060215
Obsoletes: 309c95cc337c1c860f8b7fd1ef14067a

Indications

Everyone using the Linux Kernel on x86_64 architecture should update.

Contraindications

None.

Problem description

This update fixes the following security problems:
  • CVE-2005-3356: A double decrement in the mq_open system call could allow local users to crash the machine.
  • CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could allow a local user to crash the machine.
  • CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS filesystems and so circumvent access control.
  • CVE-2005-3848: A dst_entry leak in icmp_push_reply could be used to exhaust system memory. However, this problem happens only on machines which are already nearly memory starved.
  • CVE-2005-3858: A memory leak in the ip6_input_finish function in ip6_input.c might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
Additionally, the following non-security bugs were fixed:
  • IA64: Avoid intermediate-overflows in sched_clock.
  • Fail IO requests to md that require a barrier.
  • The wrong IPMI id was used in panic event.
  • XFS: log_runout_diagnostics output improved (SGI:PV947110).
  • Avoid early oom conditions without swap on SMP systems with high memory configurations.
  • Fixed memory ordering problem in wake_futex.
  • Fixed route flush permissions (write only).
  • Fixed an error in scsi_sequential_lun_scan().
  • Fixed Altix BTE error handling.
  • Fixed a memory leak with I/O errors in async I/O.
  • Make sure not to leave unfreeable buffers around with truncate on ext3 filesystems.
  • Fixed a potential readahead deadlock on SMP systems.
  • Fixed a deadlock with ip_queue and the tcp local input path.
  • Fixed wrong qeth link status.
  • Fixed a NULL pointer dereference with bonding in the qeth driver.
  • PPC64: Fixed the time syscall not to go backwards occasionally.
  • The d_drop function now uses the per dentry lock.
  • Allow fsync() on NFS directories.
  • Fixed a statd/lockd oops when lockd fails to start.
  • Fixed a crash in bio bounce handling.
  • Support x86-64 machines with more than 128GB of RAM.
  • PPC64: Add early boot console for PCI serial cards.
  • If a block elevator request is killed before submission, make sure we wake up waiters.
  • PPC64: Set next_jiffy_update_tb when onlining a new cpu.
  • Don't log atapi stat == 0x51 errors for ATAPI commands.
  • Added the kzalloc API (for OCFS2).
  • Added debugfs dummy stubs (for OCFS2).
  • OCFS2 was updated to 1.1.8 (from Oracle).
  • Sanity check number of interfaces in the sgiioc4 driver.
  • Allow netpoll_setup() to fix local_ip.
  • PPC64: Use correct buffersize for sg_inq command in vioscsi.
  • Fixed packet loss in e1000 driver when sending a large size datagram.
  • Fix netif_carrier_ok() issue for Tornado cards.
  • Wait for ACK on keyboard commands in KDB to avoid confusing i8042 init.
  • Fixed a gigabit ethernet (e1000 driver) slowdown with Jumbo frames.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can be installed onto a running system with this command:
rpm -Fvh kernel-*.rpm
If you are using LILO as boot manager, make sure that you also execute the command
lilo
after installing the update, so that the system remains bootable.
Finally, reboot the system with
shutdown -r now
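
The three steps above as a script that cannot skip the LILO step or reboot after a failed step. This is an added example, not part of the original advisory; it assumes the boot loader is recorded as LOADER_TYPE in a sysconfig-style file (on SUSE typically /etc/sysconfig/bootloader), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the boot loader in use is
# recorded as LOADER_TYPE="..." in a sysconfig-style file.

# Print the LOADER_TYPE value from the given file, lowercased.
# Prints "unknown" if the file or the key is missing.
loader_type() {
    conf=$1
    [ -r "$conf" ] || { echo unknown; return 0; }
    val=$(sed -n 's/^[[:space:]]*LOADER_TYPE=//p' "$conf" | tail -n 1 |
          tr -d "\"'" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    echo "${val:-unknown}"
}

# Print the commands from the installation notes, one per line, in order.
# "lilo" is included only when LILO is the configured boot loader.
plan_update() {
    echo 'rpm -Fvh kernel-*.rpm'
    case $(loader_type "$1") in
        lilo)    echo 'lilo' ;;
        unknown) echo '# boot loader unknown: run lilo if LILO is in use' ;;
    esac
    echo 'shutdown -r now'
}

# Run the plan, stopping at the first failure so the reboot never follows
# a failed rpm or lilo run. DRY_RUN defaults to 1 (print only).
run_update() {
    if [ "$(loader_type "$1")" = unknown ] && [ "${DRY_RUN:-1}" != 1 ]; then
        echo "boot loader unknown; refusing to install and reboot" >&2
        return 1
    fi
    plan_update "$1" | while IFS= read -r cmd; do
        case $cmd in '#'*) continue ;; esac
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: $cmd"
        else
            sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
        fi
    done
}
```

Call run_update with the path of the boot loader configuration file to preview the steps; set DRY_RUN=0 to execute them from the directory that holds the downloaded kernel packages.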

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
