-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                kernel
        Announcement ID:        SUSE-SA:2006:079
        Date:                   Thu, 21 Dec 2006 14:00:00 +0000
        Affected Products:      Novell Linux Desktop 9
                                Novell Linux POS 9
                                Open Enterprise Server
                                SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE SLED 10
                                SUSE SLES 10
                                SUSE SLES 9
        Vulnerability Type:     remote denial of service
                                local denial of service
                                local privilege escalation
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-3741, CVE-2006-4145, CVE-2006-4538
                                CVE-2006-4572, CVE-2006-4623, CVE-2006-4813
                                CVE-2006-4997, CVE-2006-5173, CVE-2006-5174
                                CVE-2006-5619, CVE-2006-5648, CVE-2006-5649
                                CVE-2006-5751, CVE-2006-5757, CVE-2006-5823
                                CVE-2006-6053, CVE-2006-6054, CVE-2006-6056
                                CVE-2006-6060

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             various kernel security problems
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The Linux 2.6 kernel has been updated to fix various security issues.

   On SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10 and
   their derived products this update also contains various bugfixes.

   - CVE-2006-4145: A bug within the UDF filesystem that caused machine
                    hangs when truncating files on the filesystem
                    was fixed.


   - CVE-2006-4623: A problem in DVB packet handling could be used
                    to crash the machine when reception of DVB net
                    packets is active.


   - CVE-2006-3741: A struct file leak was fixed in the perfmon(2) system
                    call on the Itanium architecture.


   - CVE-2006-4538: A malformed ELF image can be used on the Itanium
                    architecture to trigger a kernel crash (denial of
                    service) when a local attacker can supply it to
                    be started.


   - CVE-2006-4997: A problem in the ATM protocol handling clip_mkip
                    function could be used by remote attackers to
                    potentially crash the machine.

   - CVE-2006-5757/ CVE-2006-6060: A problem in the grow_buffers function
                    could be used to crash or hang the machine using a
                    corrupted filesystem. This affects filesystem types
                    ISO9660 and NTFS.

   - CVE-2006-5173: On the i386 architecture the EFLAGS content was not
                    correctly saved, which could be used by local
                    attackers to crash other programs using the AC and
                    NT flag or to escalate privileges by waiting for
                    iopl privileges to be leaked.

   - CVE-2006-5174: On the S/390 architecture copy_from_user() could be
                    used by local attackers to read kernel memory.

   - CVE-2006-5619: A problem in IPv6 flow label handling can be used by
                    local attackers to hang the machine.

   - CVE-2006-5648: On the PowerPC architecture a syscall has been wired
                    without the proper futex implementation that can be
                    exploited by a local attacker to hang the machine.

   - CVE-2006-5649: On the PowerPC architecture the proper futex
                    implementation was missing a fix for alignment check
                    which could be used by a local attacker to crash
                    the machine.

   - CVE-2006-5823: A problem in cramfs could be used to crash the machine
                    while mounting a crafted cramfs image. This requires
                    an attacker to supply such a crafted image and have
                    a user mount it.

   - CVE-2006-6053: A problem in the ext3 filesystem could be used by
                    attackers able to supply a crafted ext3 image to
                    cause a denial of service or further data corruption
                    if a user mounts this image.

   - CVE-2006-6054: A problem in the ext2 filesystem could be used by
                    attackers supplying crafted ext2 images to users
                    to crash the machine during mount.

   - CVE-2006-6056: Missing return code checking in the HFS could be used
                    to crash the machine when a user complicit attacker
                    is able to supply a specially crafted HFS image.

   - CVE-2006-4572: Multiple unspecified vulnerabilities in netfilter for
                    IPv6 code allow remote attackers to bypass intended
                    restrictions via fragmentation attack vectors,
                    aka (1) "ip6_tables protocol bypass bug" and (2)
                    "ip6_tables extension header bypass bug".

   - CVE-2006-5751: An integer overflow in the networking bridge ioctl
                    starting with Kernel 2.6.7 could be used by local
                    attackers to overflow kernel memory buffers and
                    potentially escalate privileges.

   - CVE-2006-4813: An information leak in __block_prepare_write was fixed,
                    which could disclose private information of previously
                    unlinked files.

2) Solution or Work-Around

   There is no known workaround; please install the update packages.

3) Special Instructions and Notes

   Reboot the machine after installing this update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.



   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:

   Novell Linux Desktop 9 for x86
     http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html

   Novell Linux Desktop 9
     http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html
     http://support.novell.com/techcenter/psdb/06a879ef6bcde6c750e9ee4e43ccc446.html

   Novell Linux Desktop 9 for x86_64
     http://support.novell.com/techcenter/psdb/06a879ef6bcde6c750e9ee4e43ccc446.html

   SUSE SLED 10 for AMD64 and Intel EM64T
     http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html

   SUSE SLES 10
     http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html
     http://support.novell.com/techcenter/psdb/8d1bb2f1def9904433821604ff90783e.html
     http://support.novell.com/techcenter/psdb/dd622f88b5acaa6cb876b101236a952e.html
     http://support.novell.com/techcenter/psdb/87e2c4f32a1d32427f4f6a08a52ff58e.html
     http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

   SUSE SLED 10
     http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html
     http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

   SUSE SLED 10 for x86
     http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

   SUSE CORE 9 for AMD64 and Intel EM64T
     http://support.novell.com/techcenter/psdb/8256ebb61cc00811a06c0fd252c18d5a.html

   SUSE CORE 9 for IBM zSeries 64bit
     http://support.novell.com/techcenter/psdb/dc588035c8569c0fba9c9e33685f698c.html

   SUSE CORE 9 for IBM S/390 31bit
     http://support.novell.com/techcenter/psdb/36b4bba8bf8a44877f22acb24254f105.html

   SUSE CORE 9 for IBM POWER
     http://support.novell.com/techcenter/psdb/f74c89856bd24e4e5b10b44a1b7fb438.html

   SUSE CORE 9 for Itanium Processor Family
     http://support.novell.com/techcenter/psdb/7ac58979c59cf50840e70f4bc277e4f8.html

   SUSE SLES 9
     http://support.novell.com/techcenter/psdb/8256ebb61cc00811a06c0fd252c18d5a.html
     http://support.novell.com/techcenter/psdb/dc588035c8569c0fba9c9e33685f698c.html
     http://support.novell.com/techcenter/psdb/36b4bba8bf8a44877f22acb24254f105.html
     http://support.novell.com/techcenter/psdb/f74c89856bd24e4e5b10b44a1b7fb438.html
     http://support.novell.com/techcenter/psdb/7ac58979c59cf50840e70f4bc277e4f8.html
     http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html

   Open Enterprise Server
     http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html
     http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

   Novell Linux POS 9
     http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html
     http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

   SUSE CORE 9 for x86
     http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html
     http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build@suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <file.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security@suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    opensuse-security@opensuse.org
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    ====================================================================
    SUSE's security contact is  or .
    The  public key is listed below.
    ====================================================================

SuSE: 2006-079: Linux kernel Security Update

December 21, 2006
The Linux 2.6 kernel has been updated to fix various security issues

     http://support.novell.com/techcenter/psdb/06a879ef6bcde6c750e9ee4e43ccc446.html

   Novell Linux Desktop 9 for x86_64
     http://support.novell.com/techcenter/psdb/06a879ef6bcde6c750e9ee4e43ccc446.html

   SUSE SLED 10 for AMD64 and Intel EM64T
     http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html

   SUSE SLES 10
     http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html
     http://support.novell.com/techcenter/psdb/8d1bb2f1def9904433821604ff90783e.html
     http://support.novell.com/techcenter/psdb/dd622f88b5acaa6cb876b101236a952e.html
     http://support.novell.com/techcenter/psdb/87e2c4f32a1d32427f4f6a08a52ff58e.html
     http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

   SUSE SLED 10
     http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html
     http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

   SUSE SLED 10 for x86
     http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

   SUSE CORE 9 for AMD64 and Intel EM64T
     http://support.novell.com/techcenter/psdb/8256ebb61cc00811a06c0fd252c18d5a.html

   SUSE CORE 9 for IBM zSeries 64bit
     http://support.novell.com/techcenter/psdb/dc588035c8569c0fba9c9e33685f698c.html

   SUSE CORE 9 for IBM S/390 31bit
     http://support.novell.com/techcenter/psdb/36b4bba8bf8a44877f22acb24254f105.html

   SUSE CORE 9 for IBM POWER
     http://support.novell.com/techcenter/psdb/f74c89856bd24e4e5b10b44a1b7fb438.html

   SUSE CORE 9 for Itanium Processor Family
     http://support.novell.com/techcenter/psdb/7ac58979c59cf50840e70f4bc277e4f8.html

   SUSE SLES 9
     http://support.novell.com/techcenter/psdb/8256ebb61cc00811a06c0fd252c18d5a.html
     http://support.novell.com/techcenter/psdb/dc588035c8569c0fba9c9e33685f698c.html
     http://support.novell.com/techcenter/psdb/36b4bba8bf8a44877f22acb24254f105.html
     http://support.novell.com/techcenter/psdb/f74c89856bd24e4e5b10b44a1b7fb438.html
     http://support.novell.com/techcenter/psdb/7ac58979c59cf50840e70f4bc277e4f8.html
     http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html

   Open Enterprise Server
     http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html
     http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

   Novell Linux POS 9
     http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html
     http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

   SUSE CORE 9 for x86
     http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html
     http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build@suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <file.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security@suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.
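
    The two steps of method 2 chained together, as an added example that is
    not part of the SUSE announcement: the checksum list is trusted only
    after the announcement's own signature has been checked. Function names
    are hypothetical, and it assumes gpg already holds the security team key.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling. Function names are hypothetical;
# the default key ID is the one quoted in the announcement.

# verified_text ADVISORY KEYID
# Prints only the text covered by the clearsign signature, and succeeds
# only if gpg reports GOODSIG from a key whose ID ends in KEYID. Text
# outside the signed region never reaches the caller.
# Note: an 8-digit key ID is easy to collide; pin a full fingerprint if
# you have one from a trusted source.
verified_text() {
    vt_out=$(mktemp) || return 1
    vt_status=$(gpg --batch --yes --status-fd 1 --output "$vt_out" \
                    --decrypt "$1" 2>/dev/null) || :
    vt_rc=1
    if printf '%s\n' "$vt_status" |
        grep -qi "^\[GNUPG:\] GOODSIG [0-9A-Fa-f]*$2 "; then
        cat "$vt_out" && vt_rc=0
    fi
    rm -f "$vt_out"
    return $vt_rc
}

# md5_is_listed PACKAGE TEXTFILE
# Succeeds only if PACKAGE's MD5 appears in TEXTFILE as a whole token,
# so a checksum embedded in a longer string does not count.
md5_is_listed() {
    ml_sum=$(md5sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$ml_sum" ] || return 1
    grep -qiw -- "$ml_sum" "$2"
}

# check_package ADVISORY PACKAGE [KEYID]
# Accepts the package only if the advisory verifies AND lists its MD5.
check_package() {
    cp_text=$(mktemp) || return 1
    cp_rc=1
    verified_text "$1" "${3:-3D25D3D9}" > "$cp_text" &&
        md5_is_listed "$2" "$cp_text" && cp_rc=0
    rm -f "$cp_text"
    return $cp_rc
}

# Usage: check_package announcement.txt package.rpm && echo "package OK"
```

    MD5 no longer resists collisions, so treat this as the fallback it is
    described as and prefer the rpm signature check from method 1.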

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    opensuse-security@opensuse.org
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    ====================================================================
    SUSE's security contact is  or .
    The  public key is listed below.
    ====================================================================
