Security update for Linux

Knowledgebase

(Last modified: 16MAY2006)

solutions Security update for Linux SuSE Linux Maintenance Web (c7910bbd0cc63477f583e6a6b35500ab)

Applies to

Package: kernel-s390
kernel-source
kernel-syms
Product(s): SUSE CORE 9 for IBM S/390 31bit
Patch: patch-10995
Release: 20060516
Obsoletes: 823abab8a4920fcbe7756a8433970068

Indications

Everyone using the Linux Kernel should update.

Contraindications

None.

Problem description

This kernel update fixes the following security problems:

CVE-2006-2271: The ECNE chunk handling in Linux SCTP allowed remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
CVE-2006-2272: Linux SCTP allowed remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
CVE-2006-2274: Linux SCTP allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
CVE-2006-1524: shmat: stop mprotect from giving write permission to a readonly shared memory attachment.
CVE-2006-1863: Due to incorrect argument checking it was possible to break out of chroots on cifs filesystems.
CVE-2006-1864: Due to incorrect argument checking it was possible to break out of chroots on smbfs filesystems.
CVE-2006-1342: A minor information leak in SO_ORIGINAL_DST was fixed.
CVE-2006-1056: i386/x86-64: Fix AMD x87 information leak between processes.
CVE-2006-0741: x86_64 only: Always check that RIPs are canonical during signal handling, otherwise local attackers could crash the machine.
CVE-2006-1523: __group_complete_signal: Removed a bogus BUG_ON which could lead to unwanted process crashes.
CVE-2006-1527: NETFILTER SCTP conntrack: Fixed an infinite loop in sctp handling, which could be caused by a remote attacker.
CVE-2006-1525: IPV4: Fixed a machine crash in ip_route_input that could be triggered via the "route" command from local attackers.
CVE-2006-0095: dm-crypt: Zero key before freeing it to avoid leakage.
CVE-2006-1242: Fix IPv4 IPID generation to avoid possible idle scans against the machine.
CVE-2006-0744: When the user could have changed %RIP always force IRET.
CVE-2006-0554: A XFS ftruncate() bug could expose stale data.
CVE-2006-0557: Add an upper boundary to mempolicy node arguments to avoid potentially local crashes.
CVE-2006-0555: A normal user was able to panic the NFS client with direct I/O.

and the following non security bugs:

fix possible keymap array overflow in keyboard.c
cfq_dispatch_requests() picks wrong dispatch entry
ckrm - make relay_open params an module parameter
lkcd: deal with dumping to lvm and md
don't declare die_if_kernel as noreturn
exports in6_dev_get and in6_dev_put
XFS ftruncate() bug could expose stale data
kstopmachine must not be prempted
quota trans diag
Add upper boundary to mempolicy node arguments
fix perfmon crash
Avoid lock contention in audit stubs
Fix typo that made /proc/sys/kernel/unsupported unavailable
Make dm fail barrier writes
ensure XPC disengage request is processed
mask top byte when getting remaining bytes
fetchop driver fix
Shub2 BTE address fix
fix for-loop in sn_hwperf_geoid_to_cnode()
driver bugfixes and hardware workarounds for CE1.0 asic
TLB flushing fixes for SHUB2
avoid a revalidate to destroy the pte dirty bits
Improve locking in nfs_zap_caches
Improve randomess of initial xid choice
Default acl ENOSPC fix
Fix an inode use-after-free during an unpin
fix race: signal->curr_target update vs. thread exit
Handle PQ3 devices without REPORT_LUNS well
Update to OCFS2 1.2.1.
Fix deadlock in reiserfs with quotas
Fix deadlock in reiserfs acl code
Fix sdev leak in scsi_scan
USB: let the /proc/bus/usb/devices file use the cached descriptor
fix for IPVS which can deadlock the system by calling si_meminfo
LSM: add missing hook to do_compat_readv_writev()
Back out accidental change that removed nlm_use_underlying_lock_ops sysctl
Fix group_info leak in svcauth_null_accept
Fix locking when changing size in nfsd
Fix state table entries for chunks received in CLOSED state
Fix panic's when receiving fragmented SCTP control chunks
avoid race between invalidate_inode_pages2 and do_no_page

Fixes for ia64:

Fix the size of __sn_cnodeid_to_nasid
[laus] Fix __AUD_POLICY_LAST_SYSCALL for ia64

Fixes for ppc64:

properly configure DDR/P5IOC children devs
sys_rt_sigreturn must return a long instead of int
Dont loop on PTE_BUSY bit in low level ppc64 MMU code
prefill MMU only on 0x300 and 0x400 exceptions

Fixes for x86_64:

Check for bad elf entry address
Don't lower FIRST_DEVICE_VECTOR for x86_64 too
Map 32bit vsyscall area from ptrace

Additional Infos for s390
Patchcluster 34

Problem-ID: 21445 - dasd: Fixed open_count usage.
Problem-ID: 22299 - cio: Setting devices online does not fail as expected.
Problem-ID: 22300 - cio: Deadlocks during machine checks.
Problem-ID: 22169 - kernel: iucv message limit for smsg
Problem-ID: 22170 - kernel: spin lock retry performance.
Problem-ID: 21974 - kernel: strnlen_user() may return wrong values.
Problem-ID: 22497 - kernel: make cmm related proc entries world readable.
Problem-ID: 23074 - kernel: Missing error check on signal frame setup.
Problem-ID: 22098 - net:ctc: The former experimental and untested tty feature of the ctc network driver shows some problems. As this feature is not known to be used it is removed now.
Problem-ID: 22637 - qeth: qethconf not adding IPv4 addresses.
Problem-ID: 22956 - qeth: tx_bytes and rx_bytes counter are not set properly.
Problem-ID: 22965 - qeth: setting of attribute "route6" to "primary_router" works only once.
Problem-ID: 22991 - qeth: /proc/qeth_perf reports negative times.
Problem-ID: 22772 - z90crypt: Analysis revealed unreachable code.
Problem-ID: 22773 - z90crypt: Analysis revealed a possible memory overlay.

Patchcluster 35

Problem-ID: 23146 - cio: Enable interrupts on error path.
Problem-ID: 23146 - cio: I/O failing after CHPID is offline despite remaining CHPIDs.
Problem-ID: 23355 - kernel: Signal handling bug.
Problem-ID: 23074 - kernel: Bug in setup_rt_frame().
Problem-ID: 22969 - net: initcall order.
Problem-ID: 22223 - qdio: I/O stall with zfcp in low-memory situation.
Problem-ID: 23195 - qeth: Race condition possible during device recovery.
Problem-ID: 23458 - qeth: System crash during data transmission.

For further description of the named Problem-IDs, please look at http://www-128.ibm.com/developerworks/linux/linux390/april2004_recommended.html

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:

rpm -Fvh kernel-s390.rpm kernel-syms.rpm

zipl

When rebooting the Linux on zSeries z/VM guests, please ensure that you have installed the PTFs for APAR VM63742:

z/VM 4.4: UM31426
z/VM 5.1: UM31428

Otherwise re-boot under z/VM will not work anymore.
Finally, reboot the system with


shutdown -r now

to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)

links to download packages

SUSE Linux Enterprise Server 9 for IBM S/390 31bit (s390)

Download Source Packages

Download the source code of the patches for maintained products.

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.