Novell is now a part of Micro Focus

Security update for Linux kernel

Knowledgebase

(Last modified: 16MAY2006)


solutions Security update for Linux kernel SuSE Linux Maintenance Web (a85a3e0133108b1cb77026293bc419dc)

Applies to

Package: kernel-default
kernel-smp
kernel-source
kernel-syms
Product(s): SUSE CORE 9 for AMD64 and Intel EM64T
Novell Linux Desktop 9 for x86_64
Patch: patch-10997
Release: 20060516
Obsoletes: 87c56bb926a498cfdb5b0219c188f773

Indications

Everyone using the Linux Kernel on x86_64 architecture should update.

Contraindications

None.

Problem description

This kernel update fixes the following security problems:
  • CVE-2006-2271: The ECNE chunk handling in Linux SCTP allowed remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
  • CVE-2006-2272: Linux SCTP allowed remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
  • CVE-2006-2274: Linux SCTP allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
  • CVE-2006-1524: shmat: stop mprotect from giving write permission to a readonly shared memory attachment.
  • CVE-2006-1863: Due to incorrect argument checking it was possible to break out of chroots on cifs filesystems.
  • CVE-2006-1864: Due to incorrect argument checking it was possible to break out of chroots on smbfs filesystems.
  • CVE-2006-1342: A minor information leak in SO_ORIGINAL_DST was fixed.
  • CVE-2006-1056: i386/x86-64: Fix AMD x87 information leak between processes.
  • CVE-2006-0741: x86_64 only: Always check that RIPs are canonical during signal handling, otherwise local attackers could crash the machine.
  • CVE-2006-1523: __group_complete_signal: Removed a bogus BUG_ON which could lead to unwanted process crashes.
  • CVE-2006-1527: NETFILTER SCTP conntrack: Fixed an infinite loop in sctp handling, which could be caused by a remote attacker.
  • CVE-2006-1525: IPV4: Fixed a machine crash in ip_route_input that could be triggered via the "route" command from local attackers.
  • CVE-2006-0095: dm-crypt: Zero key before freeing it to avoid leakage.
  • CVE-2006-1242: Fix IPv4 IPID generation to avoid possible idle scans against the machine.
  • CVE-2006-0744: When the user could have changed %RIP always force IRET.
  • CVE-2006-0554: A XFS ftruncate() bug could expose stale data.
  • CVE-2006-0557: Add an upper boundary to mempolicy node arguments to avoid potentially local crashes.
  • CVE-2006-0555: A normal user was able to panic the NFS client with direct I/O.
and the following non security bugs:
  • fix possible keymap array overflow in keyboard.c
  • cfq_dispatch_requests() picks wrong dispatch entry
  • ckrm - make relay_open params an module parameter
  • lkcd: deal with dumping to lvm and md
  • don't declare die_if_kernel as noreturn
  • exports in6_dev_get and in6_dev_put
  • XFS ftruncate() bug could expose stale data
  • kstopmachine must not be prempted
  • quota trans diag
  • Add upper boundary to mempolicy node arguments
  • fix perfmon crash
  • Avoid lock contention in audit stubs
  • Fix typo that made /proc/sys/kernel/unsupported unavailable
  • Make dm fail barrier writes
  • ensure XPC disengage request is processed
  • mask top byte when getting remaining bytes
  • fetchop driver fix
  • Shub2 BTE address fix
  • fix for-loop in sn_hwperf_geoid_to_cnode()
  • driver bugfixes and hardware workarounds for CE1.0 asic
  • TLB flushing fixes for SHUB2
  • avoid a revalidate to destroy the pte dirty bits
  • Improve locking in nfs_zap_caches
  • Improve randomess of initial xid choice
  • Default acl ENOSPC fix
  • Fix an inode use-after-free during an unpin
  • fix race: signal->curr_target update vs. thread exit
  • Handle PQ3 devices without REPORT_LUNS well
  • Update to OCFS2 1.2.1.
  • Fix deadlock in reiserfs with quotas
  • Fix deadlock in reiserfs acl code
  • Fix sdev leak in scsi_scan
  • USB: let the /proc/bus/usb/devices file use the cached descriptor
  • fix for IPVS which can deadlock the system by calling si_meminfo
  • LSM: add missing hook to do_compat_readv_writev()
  • Back out accidental change that removed nlm_use_underlying_lock_ops sysctl
  • Fix group_info leak in svcauth_null_accept
  • Fix locking when changing size in nfsd
  • Fix state table entries for chunks received in CLOSED state
  • Fix panic's when receiving fragmented SCTP control chunks
  • avoid race between invalidate_inode_pages2 and do_no_page
Fixes for ia64:
  • Fix the size of __sn_cnodeid_to_nasid
  • [laus] Fix __AUD_POLICY_LAST_SYSCALL for ia64
Fixes for ppc64:
  • properly configure DDR/P5IOC children devs
  • sys_rt_sigreturn must return a long instead of int
  • Dont loop on PTE_BUSY bit in low level ppc64 MMU code
  • prefill MMU only on 0x300 and 0x400 exceptions
Fixes for x86_64:
  • Check for bad elf entry address
  • Don't lower FIRST_DEVICE_VECTOR for x86_64 too
  • Map 32bit vsyscall area from ptrace

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh kernel-*.rpm
In case you are using LILO as bootmanager, please make sure that you also execute the command
lilo
after installing the update for the system to remain bootable.
Finally, reboot the system with
shutdown -r now

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Micro Focus