Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 15FEB2006)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (94a974abcf7178fb83b463abf6e13de7)

Applies to

Package: kernel-64k-pagesize
kernel-default
kernel-sn2
kernel-source
kernel-debug
kernel-syms
Product(s): SUSE CORE 9 for Itanium Processor Family
Patch: patch-10872
Release: 20060215
Obsoletes: bc40b3714cd50657883894072a0c8d80

Indications

Everyone using the Linux Kernel on IPF architecture should update.

Contraindications

None.

Problem description

This update fixes the following security problems:
  • CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine.
  • CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine.
  • CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS filesystems and so circumvent access control.
  • CVE-2005-3848: A dst_entry leak in the icmp_push_reply could be used to exhaust system memory. However this problem happens only on machines which are already nearly memory starved.
  • CVE-2005-3858: A memory leak in the ip6_input_finish function in ip6_input.c might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
Additionally the following non-security bugs were fixed:
  • IA64: Avoid intermediate-overflows in sched_clock.
  • Fail IO request to md that require a barrier.
  • The wrong IPMI id was used in panic event.
  • XFS: log_runout_diagnostics output improved (SGI:PV947110).
  • Avoid early oom conditions without swap on SMP systems with high memory configurations.
  • Fixed memory ordering problem in wake_futex.
  • Fixed route flush permissions (write only).
  • Fixed an error in scsi_sequential_lun_scan().
  • Fixed Altix BTE error handling.
  • Fixes a memory leak with I/O errors in async I/O.
  • Make sure not to leave unfreeable buffers around with truncate on ext3 filesystems.
  • Fixed a potential readahead deadlock on SMP systems.
  • Fixed a deadlock with ip_queue and the tcp local input path.
  • Fixed wrong qeth link status.
  • Fixed a NULL pointer dereference with bonding in the qeth driver.
  • PPC64: Fixed the time syscall not to go backwards occasionaly.
  • The d_drop function now uses the per dentry lock.
  • Allow fsync() on NFS directories.
  • Fixed a statd/lockd oops when lockd fails to start.
  • Fixed a crash in bio bounce handling.
  • Support x86-64 machines with more than 128GB of RAM.
  • PPC64: Add early boot console for PCI serial cards.
  • If a block elevator request is killed before submission, make sure we wakeup waiters.
  • PPC64: Set next_jiffy_update_tb when onlining a new cpu.
  • Don't log atapi stat == 0x51 errors for ATAPI commands.
  • Added the kzalloc API (for OCFS2).
  • Added debugfs dummy stubs (for OCFS2).
  • OCFS2 was updated to 1.1.8 (from Oracle).
  • Sanity check number of interfaces in the sgiioc4 driver.
  • Allow netpoll_setup() to fix local_ip.
  • PPC64: Use correct buffersize for sg_inq command in vioscsi.
  • Fixed packet loss in e1000 driver when sending a large size datagram.
  • Fix netif_carrier_ok() issue for Tornado cards.
  • Wait for ACK on keyboard commands in KDB to avoid confusing i8042 init.
  • Fixed a gigabit ethernet (e1000 driver) slowdown with Jumbo frames.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system.
First, find out which kernel package to download and use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and install it with either:
  • rpm -Fvh kernel-syms*.rpm kernel-default*.rpm for the default kernel image, or
  • rpm -Fvh kernel-syms*.rpm kernel-64k-pagesize*.rpm for the 64k page size kernel image, or
  • rpm -Fhv kernel-syms*.rpm kernel-sn*.rpm for the SGI SN2 (Altix) image
Please do only install one of these kernels, not all of them.
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates