-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ## ## Patch description of patch a119095a26a882ce898e6ee8dd3518c1 ## Kind: security Shortdescription.english: Security update for Linux kernel Longdescription.english: Applies to Package: k_athlon,k_deflt,k_psmp,k_smp,k_debug,kernel-source Product(s): Release: 20050120 Obsoletes: ba7b20a1cb3edabd5225cf0c9bdf4450 Indications Everyone using the Linux Kernel on x86 architecture should update. Contraindications None. Problem description This update fixes following security problems: * An unlocked VM operation could lead to a local user gaining root access using a handcrafted ELF binary and the uselib system call. This problem was found by Paul Starzetz and has been assigned the Mitre CVE ID CAN-2004-1235. * A race condition in the SMP page fault handler could lead to a local attacker gaining root access on SMP machines. This problem was also found by Paul Starzetz and has been assigned the Mitre CVE ID CAN-2005-001. * A problem in the earlier cmsg / sendmsg security fix was identified and fixed which could lead 32bit applications on a 64bit system (like i386 binaries on x86_64, or PowerPC binaries on a PowerPC64 system) to handle the sendmsg call incorrectly. * An incomplete fix of the IGMP problem in the last update was replaced by the final approved fix. Additional bug fixes were done: * On the i386 platform, the LDT was not always cleared in the correct context. * A local denial of service against the auditing system was fixed. * IRQ safety issues in the gendisk layer were fixed. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as an RPM package that can easily be installed onto a running system. First, find out which kernel package to use, for example with rpm -qf /boot/vmlinuz Download the kernel image fitting your setup and install it with either: * rpm -Fvh k_deflt-2.4.*.i586.rpm for the default kernel image, or * rpm -Fhv k_athlon-2.4.*.i586.rpm for the AMD Athlon optimized kernel image, or * rpm -Fhv k_smp-2.4.*.i586.rpm for the SMP kernel image, or * rpm -Fhv k_psmp-2.4.*.i586.rpm for the PSMP kernel image Please do only install one of these kernels, not all of them. In case you are using LILO as bootmanager, please make sure that you also execute the command lilo after installing the update for the system to remain bootable. Finally, reboot the system with shutdown -r now to load the new kernel (replace "now" with the appropriate amount of time to allow local users to cleanly log out, for example "+5" for five minutes.) Hsilgne.noitpircsedgnol: Size: 243216 Preinformation.english: This update can be used to install a new kernel. If you decide to use the kernel update, we recommend that you reboot your system upon completion of the YaST Online Update, as additional kernel modules may be needed which can only be loaded after the system is rebooted. Hsilgne.noitamrofnierp: MinYaST1Version: MinYaST2Version: UpdateOnlyInstalled: true Packages: ## ## -----> k_athlon <----- ## Filename: k_athlon.rpm Label: Kernel optimized for AMD Athlon processors Series: i586 Size: 57809936 22527273 Buildtime: 1105969294 DepAND: DepOR: DepExcl: Flag: Category: RpmGroup: System/Kernel Copyright: GPL AuthorName: Linus Torvalds et al. AuthorAddress: Version: 2.4.21-273 StartCommand: Obsoletes: Requires: /sbin/mkinitrd /bin/cp /bin/sed /bin/touch /bin/awk /bin/sh rpmlib(PayloadIsBzip2) <= 3.0.5-1 Provides: kernel ## ## -----> k_debug <----- ## Filename: k_debug.rpm Label: Debug version of the kernel. Series: i586 Size: 697447361 111656493 Buildtime: 1105972475 DepAND: DepOR: DepExcl: Flag: Category: RpmGroup: System/Kernel Copyright: GPL AuthorName: AuthorAddress: Version: 2.4.21-273 StartCommand: Obsoletes: Requires: /sbin/mkinitrd /bin/cp /bin/sed /bin/touch /bin/awk /bin/sh rpmlib(PayloadIsBzip2) <= 3.0.5-1 Provides: kernel ## ## -----> k_deflt <----- ## Filename: k_deflt.rpm Label: The standard kernel Series: i586 Size: 55502058 22264314 Buildtime: 1105969975 DepAND: DepOR: DepExcl: Flag: Category: RpmGroup: System/Kernel Copyright: GPL AuthorName: AuthorAddress: Version: 2.4.21-273 StartCommand: Obsoletes: Requires: /sbin/mkinitrd /bin/cp /bin/sed /bin/touch /bin/awk /bin/sh rpmlib(PayloadIsBzip2) <= 3.0.5-1 Provides: k_deflt_24 k_laptop k_eide k_deflt_22 k_pentiu k_orig kernel ## ## -----> k_psmp <----- ## Filename: k_psmp.rpm Label: Kernel 2.4 with SMP-support for older processors (Pentium classic) Series: i586 Size: 56019910 22689670 Buildtime: 1105970537 DepAND: DepOR: DepExcl: Flag: Category: RpmGroup: System/Kernel Copyright: GPL AuthorName: torvalds@transmeta.com AuthorAddress: Version: 2.4.21-273 StartCommand: Obsoletes: Requires: /sbin/mkinitrd /bin/cp /bin/sed /bin/touch /bin/awk /bin/sh rpmlib(PayloadIsBzip2) <= 3.0.5-1 Provides: kernel ## ## -----> k_smp <----- ## Filename: k_smp.rpm Label: Kernel with multiprocessor support Series: i586 Size: 57873681 22885147 Buildtime: 1105970017 DepAND: DepOR: DepExcl: Flag: Category: RpmGroup: System/Kernel Copyright: GPL AuthorName: AuthorAddress: Version: 2.4.21-273 StartCommand: Obsoletes: Requires: /sbin/mkinitrd /bin/cp /bin/sed /bin/touch /bin/awk /bin/sh rpmlib(PayloadIsBzip2) <= 3.0.5-1 Provides: k_smp_24 k_smp_22 kernel ## ## -----> kernel-source <----- ## Filename: kernel-source.rpm Label: The Linux kernel (the core of the Linux operating system) Series: i586 Size: 274011273 47030987 Buildtime: 1105964016 DepAND: DepOR: DepExcl: Flag: Category: RpmGroup: Development/Sources Copyright: GPL AuthorName: Linus Torvalds see /usr/src/linux/CREDITS for more details. AuthorAddress: Version: 2.4.21-273 StartCommand: Obsoletes: Requires: make c_compiler rpmlib(PayloadIsBzip2) <= 3.0.5-1 Provides: linux lx_suse lx_sus22 lx_sus24 Segakcap: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFB8PbwqE7a6JyACsoRAjMXAJ0Wnr58dG0EqjvMSBEQrOa8afW/rwCf eXRLFaaI9QUYWH8b+yjSs88IuD8= =BU1k -----END PGP SIGNATURE-----