Explore top 10 tips to secure your open-source projects now. Read More
×
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2006:064
Date: Fri, 10 Nov 2006 10:00:00 +0000
Affected Products: SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
UnitedLinux 1.0
Vulnerability Type: local privilege escalation
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2006-2444, CVE-2006-2935, CVE-2006-3468
Content of This Advisory:
1) Security Vulnerability Resolved:
various Linux 2.4 kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Linux kernel in our old Linux 2.4 kernel based distributions have
been updated to fix various security issues and bugs.
The bugs tracked by CVE-2006-3468, CVE-2006-2935, and CVE-2006-2444 were
already fixed for all other products and announced in SUSE-SA:2006:057
and SUSE-SA:2006:047 respectively.
- CVE-2006-3468: Remote attackers able to access an NFS of a ext2 or
ext3 filesystem can cause a denial of service (file
system panic) via a crafted UDP packet with a V2
look-up procedure that specifies a bad file handle
(inode number), which triggers an error and causes
an exported directory to be remounted read-only.
This requires attackers with local network access.
- CVE-2006-2935: A stack based buffer overflow in CDROM / DVD
handling was fixed which could be used by a physical
local attacker to crash the kernel or execute code
within kernel context, depending on presence of
automatic DVD handling in the system. By default
our systems do not have automatic DVD handling.
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of
service (crash) via unspecified remote attack
vectors that cause failures in snmp_trap_decode
that trigger (1) frees of random memory or (2)
frees of previously-freed memory (double-free) by
snmp_trap_decode as well as its calling function,
as demonstrated via certain test cases of the PROTOS
SNMP test suite.
Also the following non-security bugs were fixed:
- If the IPX network protocol was active, it was theoretically possible
to remotely crash the machine by special crafted IPX network packets.
The Linux kernel developers consider this problem not exploitable,
so no CVE was assigned.
- Fix dumps with DUMP_LEVEL=2.
- Fixed some server crashes with "__alloc_pages: 1-order allocation failed
(gfp=0x1f0/0)" errors.
Fixes for the S/390:
- This update contains the following Code Drops from Developerworks:
Patchcluster 36
- Problem-ID: 26014 qeth: stack trace with msg "inconsistent lock state"
- Problem-ID: 27706 kernel: user readable uninitialized kernel memory.
For further description of the named Problem-IDs, please look to
https://www.ibm.com/us-en
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv
Get the latest Linux and open source security news straight to your inbox.