Security update for Linux kernel
(Last modified: 23AUG2005)
solutions Security update for Linux kernel SuSE Linux Maintenance Web (a55e12480ef483ba42fdb13c8885422b)
Product(s): SUSE CORE 9 for IBM S/390 31bit
- CAN-2005-2457: A problem in decompression of files on "zisofs" filesystem was fixed.
- CAN-2005-2458: A potential buffer overflow in the zlib decompression handling in the kernel was fixed.
- CAN-2005-2459: Some return codes in zlib decoding were fixed which could have led to an attacker crashing the kernel.
- CAN-2005-2555: Only CAP_NET_ADMIN is now allowed load socket policies.
- CAN-2005-0916: Fixed a possible crash in the AIO hugepage handling of PowerPC64.
- CAN-2005-2456: Fixed a potential overflow caused by missing boundary checks of sock->sk_policy in net/xfrm/.
- x86_64: A previous fix for a denial of service attack with compat 32bit mode programs was too strict and could crash the kernel. (The earlier fix had the Mitre ID CAN-2005-1765.)
- s390: Fixed /sys/ permissions where a user could change machine states, including powering down or up partitions.
- The reported process start times sometimes were incorrect.
- The OCFS2 filesystem was updated to version 1.0.2.
- A potential deadlock in cpuset handling was fixed.
- Fixed a potential crash on startup of the tg3 network driver.
- Avoid high IRQ latencies in the VM handling.
- rpm/post.sh was fixed so that initrd.previous is preserved again.
- A problem in the handling of the tape ioctl MTIOCPOS was fixed.
- Make the OOM process killer send SIGTERM first instead of SIGKILL.
- Fixed a netfilter connection track return code mismatch.
- Fixed a typo in the ipt_TTL netfilter module.
- XEN was updated to version 2.0.6b.
- Allow rsize/wsize values less than 4096 for NFS mounts.
- A data corruption problem within the reiserfs filesystem in the handling of writing to mmaped regions after close of the filedescriptor was fixed.
- - Problem-ID: 16923 - kernel: internal return values returned to userspace.
- Problem-ID: 14978 - zfcp: I/O errors on data underruns during Flash Copy on ESS800
- Problem-ID: 16967 - kernel: incorrect posix fadvise values.
- Problem-ID: 17349 - s390dbf: Inconsistent output of debug areas. Wrong timestamps of debug entries.
- Problem-ID: 17420 - ctcmpc: Missing storage free in exception case.
- Problem-ID: 17452 - cio: I/O blocked after cable pull/plug with all path gone.
- Problem-ID: 17438 - qeth: Disable IPV6 for hipersockets.
- Problem-ID: 17454 - qeth: Hipersockets do not work with enabled fakell option.
- Problem-ID: 17120 - qeth-channel bonding ping causes skb resource problems
- Problem-ID: 16811 - qeth: recovery problem after vary off/on
- Problem-ID: 17067 - A race condition and a busy wait performance problem caused by behaviour of the transmit function
- add patches.arch/s390-spinretry.diff Retryable spinlocks for S/390 (#100722 - LTC17469).
- patches.arch/s390-ctc-busy-wait.patch: Fix busy wait in CTC driver (97075 - LTC17067).
- patches.arch/s390-qeth-recover.patch Properly recover qeth devices after vary on (94842 - LTC16811).
rpm -Fvh kernel-s390.rpm kernel-syms.rpm zipl
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)
Download Source Packages
Download the source code of the patches for maintained products.