Security update for Linux kernel
(Last modified: 20JAN2005)
SuSE Linux Maintenance Web (f554b86a4bb286de63150e5f2dee7be5)
Product(s): SuSE Linux Enterprise Server 8 for AMD64
- An unlocked VM operation could lead to a local user gaining root access using a handcrafted ELF binary and the uselib system call. This problem was found by Paul Starzetz and has been assigned the Mitre CVE ID CAN-2004-1235.
- A race condition in the SMP page fault handler could lead to a local attacker gaining root access on SMP machines. This problem was also found by Paul Starzetz and has been assigned the Mitre CVE ID CAN-2005-001.
- A problem in the earlier cmsg / sendmsg security fix was identified and fixed. It could cause 32-bit applications on a 64-bit system (like i386 binaries on x86_64, or PowerPC binaries on a PowerPC64 system) to handle the sendmsg call incorrectly.
- An incomplete fix of the IGMP problem in the last update was replaced by the final approved fix.
- A local denial of service against the auditing system was fixed.
- IRQ safety issues in the gendisk layer were fixed.
First, find out which kernel package to use, for example with
rpm -qf /boot/vmlinuz
Download the kernel image fitting your setup and install it with either:
- rpm -Fvh k_deflt-2.4.*.rpm for the default kernel image, or
- rpm -Fhv k_smp-2.4.*.rpm for the SMP kernel image, or
- rpm -Fhv k_numa-2.4.*.rpm for the NUMA kernel image
Finally, reboot the system with
shutdown -r now
to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.)
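The package-selection step above, as an added example that is not part of the SuSE advisory: it reduces the output of rpm -qf /boot/vmlinuz to the package name, accepts only the three flavors listed above, and refuses to continue unless exactly one matching update RPM is present. The function names pkg_name and pick_update and the ./update download directory are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names and the
# download directory are hypothetical.

# Reduce "name-version-release" (the rpm -qf output) to the package name.
pkg_name() {
    nvr=${1%-*}                  # drop the release field
    printf '%s\n' "${nvr%-*}"    # drop the version field
}

# Print the update RPM in directory $2 that matches the flavor of the
# installed kernel package $1. Fails on an unknown flavor, or when the
# directory holds no candidate or more than one.
pick_update() {
    flavor=$(pkg_name "$1")
    case "$flavor" in
        k_deflt|k_smp|k_numa) ;;
        *) echo "unexpected kernel package: $1" >&2; return 1 ;;
    esac
    # Expand the advisory's glob inside the download directory.
    set -- "$2"/"$flavor"-2.4.*.rpm
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "need exactly one $flavor update RPM" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# Usage on the target system:
#   rpm_file=$(pick_update "$(rpm -qf /boot/vmlinuz)" ./update) &&
#       rpm -Fvh "$rpm_file" && shutdown -r +5
```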