sledp2-kernelSecurity update for Linux kernelSecurity update for Linux kernelThis is a respin of the previous kernel update, which got
retracted due to an IDE-CDROM regression, where any IDE
CDROM access would hang or crash the system. Only this
problem was fixed additionally.
This kernel update fixes the following security problems:
CVE-2008-1615: On x86_64 a denial of service attack could
be used by local attackers to immediately panic / crash the
machine.
CVE-2008-1669: Fixed a SMP ordering problem in fcntl_setlk
could potentially allow local attackers to execute code by
timing file locking.
CVE-2008-2372: Fixed a resource starvation problem in the
handling of ZERO mmap pages.
CVE-2008-1673: The asn1 implementation in (a) the Linux
kernel, as used in the cifs and ip_nat_snmp_basic modules
does not properly validate length values during decoding of
ASN.1 BER data, which allows remote attackers to cause a
denial of service (crash) or execute arbitrary code via (1)
a length greater than the working buffer, which can lead to
an unspecified overflow; (2) an oid length of zero, which
can lead to an off-by-one error; or (3) an indefinite
length for a primitive encoding.
CVE-2008-2812: Various tty / serial devices did not check
functionpointers for NULL before calling them, leading to
potential crashes or code execution. The devices affected
are usually only accessible by the root user though.
CVE-2008-2931: A missing permission check in mount changing
was added which could have been used by local attackers to
change the mountdirectory.
Additionaly a very large number of bugs was fixed. Details
can be found in the RPM changelog of the included packages.
OCFS2 has been upgraded to the 1.4.1 release:
- Endian fixes
- Use slab caches for DLM objects
- Export DLM state info to debugfs
- Avoid ENOSPC in rare conditions when free inodes are
reserved by other nodes
- Error handling fix in ocfs2_start_walk_page_trans()
- Cleanup lockres printing
- Allow merging of extents
- Fix to allow changing permissions of symlinks
- Merged local fixes upstream (no code change)
This is a respin of the previous kernel update, which got
retracted due to an IDE-CDROM regression, where any IDE
CDROM access would hang or crash the system. Only this
problem was fixed additionally.
This kernel update fixes the following security problems:
CVE-2008-1615: On x86_64 a denial of service attack could
be used by local attackers to immediately panic / crash the
machine.
CVE-2008-1669: Fixed a SMP ordering problem in fcntl_setlk
could potentially allow local attackers to execute code by
timing file locking.
CVE-2008-2372: Fixed a resource starvation problem in the
handling of ZERO mmap pages.
CVE-2008-1673: The asn1 implementation in (a) the Linux
kernel, as used in the cifs and ip_nat_snmp_basic modules
does not properly validate length values during decoding of
ASN.1 BER data, which allows remote attackers to cause a
denial of service (crash) or execute arbitrary code via (1)
a length greater than the working buffer, which can lead to
an unspecified overflow; (2) an oid length of zero, which
can lead to an off-by-one error; or (3) an indefinite
length for a primitive encoding.
CVE-2008-2812: Various tty / serial devices did not check
functionpointers for NULL before calling them, leading to
potential crashes or code execution. The devices affected
are usually only accessible by the root user though.
CVE-2008-2931: A missing permission check in mount changing
was added which could have been used by local attackers to
change the mountdirectory.
Additionaly a very large number of bugs was fixed. Details
can be found in the RPM changelog of the included packages.
OCFS2 has been upgraded to the 1.4.1 release:
- Endian fixes
- Use slab caches for DLM objects
- Export DLM state info to debugfs
- Avoid ENOSPC in rare conditions when free inodes are
reserved by other nodes
- Error handling fix in ocfs2_start_walk_page_trans()
- Cleanup lockres printing
- Allow merging of extents
- Fix to allow changing permissions of symlinks
- Merged local fixes upstream (no code change)
security
This update can be used to install a new kernel.
If you decide to use the kernel update, we recommend that you reboot
your system upon completion of the YaST Online Update, as additional
kernel modules may be needed which can only be loaded after the system
is rebooted.
If you are in the course of performing a new installation, the installer
will reboot the machine after installing the patch. If you do not want
to reboot, deselect this patch.
kernel-defaultx86_644bb0dde029f4440c018dad90c5d08f54034baea5kernel-smpx86_648e15142ac33b189eba172e1c6724f70b3c237d9akernel-sourcex86_64c0feea5a837e0e6d64a84487f5088f6f0441621ckernel-symsx86_644afb5cccd01b5a2f459ea38a60c1481537fcc7c1kernel-xenx86_643302bc1c7ef4ddf7964fcab06d416e2b56ef7ded