
Security update for Linux kernel


(Last modified: 16MAY2006)

solutions Security update for Linux kernel SuSE Linux Maintenance Web (d315ac40f92dc38783162cde676a7b10)

Applies to

Package: kernel-s390x

Product(s): SUSE CORE 9 for IBM zSeries 64bit
Patch: patch-10996
Release: 20060516
Obsoletes: 186f161a242ba9368a91d962ee345c3d


Everyone using the Linux Kernel should update.



Problem description

This kernel update fixes the following security problems:
  • CVE-2006-2271: The ECNE chunk handling in Linux SCTP allowed remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
  • CVE-2006-2272: Linux SCTP allowed remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
  • CVE-2006-2274: Linux SCTP allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
  • CVE-2006-1524: shmat: stop mprotect from giving write permission to a readonly shared memory attachment.
  • CVE-2006-1863: Due to incorrect argument checking it was possible to break out of chroots on cifs filesystems.
  • CVE-2006-1864: Due to incorrect argument checking it was possible to break out of chroots on smbfs filesystems.
  • CVE-2006-1342: A minor information leak in SO_ORIGINAL_DST was fixed.
  • CVE-2006-1056: i386/x86-64: Fix AMD x87 information leak between processes.
  • CVE-2006-0741: x86_64 only: Always check that RIPs are canonical during signal handling, otherwise local attackers could crash the machine.
  • CVE-2006-1523: __group_complete_signal: Removed a bogus BUG_ON which could lead to unwanted process crashes.
  • CVE-2006-1527: NETFILTER SCTP conntrack: Fixed an infinite loop in sctp handling, which could be caused by a remote attacker.
  • CVE-2006-1525: IPV4: Fixed a machine crash in ip_route_input that could be triggered by local attackers via the "route" command.
  • CVE-2006-0095: dm-crypt: Zero key before freeing it to avoid leakage.
  • CVE-2006-1242: Fix IPv4 IPID generation to avoid possible idle scans against the machine.
  • CVE-2006-0744: When the user could have changed %RIP, always force IRET.
  • CVE-2006-0554: An XFS ftruncate() bug could expose stale data.
  • CVE-2006-0557: Add an upper boundary to mempolicy node arguments to avoid potential local crashes.
  • CVE-2006-0555: A normal user was able to panic the NFS client with direct I/O.
and the following non-security bugs:
  • fix possible keymap array overflow in keyboard.c
  • cfq_dispatch_requests() picks wrong dispatch entry
  • ckrm - make relay_open params a module parameter
  • lkcd: deal with dumping to lvm and md
  • don't declare die_if_kernel as noreturn
  • exports in6_dev_get and in6_dev_put
  • XFS ftruncate() bug could expose stale data
  • kstopmachine must not be preempted
  • quota trans diag
  • Add upper boundary to mempolicy node arguments
  • fix perfmon crash
  • Avoid lock contention in audit stubs
  • Fix typo that made /proc/sys/kernel/unsupported unavailable
  • Make dm fail barrier writes
  • ensure XPC disengage request is processed
  • mask top byte when getting remaining bytes
  • fetchop driver fix
  • Shub2 BTE address fix
  • fix for-loop in sn_hwperf_geoid_to_cnode()
  • driver bugfixes and hardware workarounds for CE1.0 asic
  • TLB flushing fixes for SHUB2
  • avoid a revalidate to destroy the pte dirty bits
  • Improve locking in nfs_zap_caches
  • Improve randomness of initial xid choice
  • Default acl ENOSPC fix
  • Fix an inode use-after-free during an unpin
  • fix race: signal->curr_target update vs. thread exit
  • Handle PQ3 devices without REPORT_LUNS well
  • Update to OCFS2 1.2.1.
  • Fix deadlock in reiserfs with quotas
  • Fix deadlock in reiserfs acl code
  • Fix sdev leak in scsi_scan
  • USB: let the /proc/bus/usb/devices file use the cached descriptor
  • fix for IPVS which can deadlock the system by calling si_meminfo
  • LSM: add missing hook to do_compat_readv_writev()
  • Back out accidental change that removed nlm_use_underlying_lock_ops sysctl
  • Fix group_info leak in svcauth_null_accept
  • Fix locking when changing size in nfsd
  • Fix state table entries for chunks received in CLOSED state
  • Fix panics when receiving fragmented SCTP control chunks
  • avoid race between invalidate_inode_pages2 and do_no_page
Fixes for ia64:
  • Fix the size of __sn_cnodeid_to_nasid
  • [laus] Fix __AUD_POLICY_LAST_SYSCALL for ia64
Fixes for ppc64:
  • properly configure DDR/P5IOC children devs
  • sys_rt_sigreturn must return a long instead of int
  • Don't loop on PTE_BUSY bit in low level ppc64 MMU code
  • prefill MMU only on 0x300 and 0x400 exceptions
Fixes for x86_64:
  • Check for bad elf entry address
  • Don't lower FIRST_DEVICE_VECTOR for x86_64 too
  • Map 32bit vsyscall area from ptrace
Additional information for s390
Patchcluster 34
  • Problem-ID: 21445 - dasd: Fixed open_count usage.
  • Problem-ID: 22299 - cio: Setting devices online does not fail as expected.
  • Problem-ID: 22300 - cio: Deadlocks during machine checks.
  • Problem-ID: 22169 - kernel: iucv message limit for smsg
  • Problem-ID: 22170 - kernel: spin lock retry performance.
  • Problem-ID: 21974 - kernel: strnlen_user() may return wrong values.
  • Problem-ID: 22497 - kernel: make cmm related proc entries world readable.
  • Problem-ID: 23074 - kernel: Missing error check on signal frame setup.
  • Problem-ID: 22098 - net:ctc: The former experimental and untested tty feature of the ctc network driver shows some problems. As this feature is not known to be used it is removed now.
  • Problem-ID: 22637 - qeth: qethconf not adding IPv4 addresses.
  • Problem-ID: 22956 - qeth: tx_bytes and rx_bytes counter are not set properly.
  • Problem-ID: 22965 - qeth: setting of attribute "route6" to "primary_router" works only once.
  • Problem-ID: 22991 - qeth: /proc/qeth_perf reports negative times.
  • Problem-ID: 22772 - z90crypt: Analysis revealed unreachable code.
  • Problem-ID: 22773 - z90crypt: Analysis revealed a possible memory overlay.
Patchcluster 35
  • Problem-ID: 23146 - cio: Enable interrupts on error path.
  • Problem-ID: 23146 - cio: I/O failing after CHPID is offline despite remaining CHPIDs.
  • Problem-ID: 23355 - kernel: Signal handling bug.
  • Problem-ID: 23074 - kernel: Bug in setup_rt_frame().
  • Problem-ID: 22969 - net: initcall order.
  • Problem-ID: 22223 - qdio: I/O stall with zfcp in low-memory situation.
  • Problem-ID: 23195 - qeth: Race condition possible during device recovery.
  • Problem-ID: 23458 - qeth: System crash during data transmission.
For further description of the named Problem-IDs, please look at


Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using these commands:
rpm -Fvh kernel-s390x.rpm kernel-source.rpm kernel-syms.rpm
zipl
When rebooting the Linux on zSeries z/VM guests, please ensure that you have installed the PTFs for APAR VM63742:
  • z/VM 4.4: UM31426
  • z/VM 5.1: UM31428
Otherwise, rebooting under z/VM will no longer work.
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes).

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.

