Security update for Linux kernel
(Last modified: 15FEB2006)
solutions Security update for Linux kernel SuSE Linux Maintenance Web (94a974abcf7178fb83b463abf6e13de7)
Product(s): SUSE CORE 9 for Itanium Processor Family
- CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine.
- CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine.
- CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS filesystems and so circumvent access control.
- CVE-2005-3848: A dst_entry leak in the icmp_push_reply could be used to exhaust system memory. However this problem happens only on machines which are already nearly memory starved.
- CVE-2005-3858: A memory leak in the ip6_input_finish function in ip6_input.c might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
- IA64: Avoid intermediate-overflows in sched_clock.
- Fail IO request to md that require a barrier.
- The wrong IPMI id was used in panic event.
- XFS: log_runout_diagnostics output improved (SGI:PV947110).
- Avoid early oom conditions without swap on SMP systems with high memory configurations.
- Fixed memory ordering problem in wake_futex.
- Fixed route flush permissions (write only).
- Fixed an error in scsi_sequential_lun_scan().
- Fixed Altix BTE error handling.
- Fixes a memory leak with I/O errors in async I/O.
- Make sure not to leave unfreeable buffers around with truncate on ext3 filesystems.
- Fixed a potential readahead deadlock on SMP systems.
- Fixed a deadlock with ip_queue and the tcp local input path.
- Fixed wrong qeth link status.
- Fixed a NULL pointer dereference with bonding in the qeth driver.
- PPC64: Fixed the time syscall not to go backwards occasionaly.
- The d_drop function now uses the per dentry lock.
- Allow fsync() on NFS directories.
- Fixed a statd/lockd oops when lockd fails to start.
- Fixed a crash in bio bounce handling.
- Support x86-64 machines with more than 128GB of RAM.
- PPC64: Add early boot console for PCI serial cards.
- If a block elevator request is killed before submission, make sure we wakeup waiters.
- PPC64: Set next_jiffy_update_tb when onlining a new cpu.
- Don't log atapi stat == 0x51 errors for ATAPI commands.
- Added the kzalloc API (for OCFS2).
- Added debugfs dummy stubs (for OCFS2).
- OCFS2 was updated to 1.1.8 (from Oracle).
- Sanity check number of interfaces in the sgiioc4 driver.
- Allow netpoll_setup() to fix local_ip.
- PPC64: Use correct buffersize for sg_inq command in vioscsi.
- Fixed packet loss in e1000 driver when sending a large size datagram.
- Fix netif_carrier_ok() issue for Tornado cards.
- Wait for ACK on keyboard commands in KDB to avoid confusing i8042 init.
- Fixed a gigabit ethernet (e1000 driver) slowdown with Jumbo frames.
First, find out which kernel package to download and use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and install it with either:
rpm -Fvh kernel-syms*.rpm kernel-default*.rpmfor the default kernel image, or
rpm -Fvh kernel-syms*.rpm kernel-64k-pagesize*.rpmfor the 64k page size kernel image, or
rpm -Fhv kernel-syms*.rpm kernel-sn*.rpmfor the SGI SN2 (Altix) image
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)
Download Source Packages
Download the source code of the patches for maintained products.