SUSE Security Announcement: Linux kernel (SUSE-SA:2006:079)
Posted on: 12/21/2006 03:00 PM

A security announcement from SUSE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement ID: SUSE-SA:2006:079
Date: Thu, 21 Dec 2006 14:00:00 +0000
Affected Products: Novell Linux Desktop 9
Novell Linux POS 9
Open Enterprise Server
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE SLED 10
SUSE SLES 10
SUSE SLES 9
Vulnerability Type: remote denial of service
local denial of service
local privilege escalation
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-3741, CVE-2006-4145, CVE-2006-4538
CVE-2006-4572, CVE-2006-4623, CVE-2006-4813
CVE-2006-4997, CVE-2006-5173, CVE-2006-5174
CVE-2006-5619, CVE-2006-5648, CVE-2006-5649
CVE-2006-5751, CVE-2006-5757, CVE-2006-5823
CVE-2006-6053, CVE-2006-6054, CVE-2006-6056
CVE-2006-6060

Content of This Advisory:
1) Security Vulnerability Resolved:
various kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

The Linux 2.6 kernel has been updated to fix various security issues.

On SUSE Linux Enterprise Server 9 and SUSE Linux Enterprise 10 and
their derived products this update also contains various bugfixes.

- CVE-2006-4145: A bug within the UDF filesystem that caused machine
hangs when truncating files on the filesystem
was fixed.


- CVE-2006-4623: A problem in DVB packet handling could be used
to crash the machine when receiving DVB net packages
is active.


- CVE-2006-3741: A struct file leak was fixed in the perfmon(2) system
call on the Itanium architecture.


- CVE-2006-4538: A malformed ELF image can be used on the Itanium
architecture to trigger a kernel crash (denial of
service) when a local attacker can supply it to
be started.


- CVE-2006-4997: A problem in the ATM protocol handling clip_mkip
function could be used by remote attackers to
potentially crash the machine.

- CVE-2006-5757/ CVE-2006-6060: A problem in the grow_buffers function
could be used to crash or hang the machine using a
corrupted filesystem. This affects filesystem types
ISO9660 and NTFS.

- CVE-2006-5173: On the i386 architecture the EFLAGS content was not
correctly saved, which could be used by local
attackers to crash other programs using the AC and
NT flag or to escalate privileges by waiting for
iopl privileges to be leaked.

- CVE-2006-5174: On the S/390 architecture copy_from_user() could be
used by local attackers to read kernel memory.

- CVE-2006-5619: A problem in IPv6 flow label handling can be used by
local attackers to hang the machine.

- CVE-2006-5648: On the PowerPC architecture a syscall has been wired
without the proper futex implementation that can be
exploited by a local attacker to hang the machine.

- CVE-2006-5649: On the PowerPC architecture the proper futex
implementation was missing a fix for alignment check
which could be used by a local attacker to crash
the machine.

- CVE-2006-5823: A problem in cramfs could be used to crash the machine
during mounting a crafted cramfs image. This requires
an attacker to supply such a crafted image and have
a user mount it.

- CVE-2006-6053: A problem in the ext3 filesystem could be used by
attackers able to supply a crafted ext3 image to
cause a denial of service or further data corruption
if a user mounts this image.

- CVE-2006-6054: A problem in the ext2 filesystem could be used by
attackers supplying crafted ext2 images to users
could crash the machine during mount.

- CVE-2006-6056: Missing return code checking in the HFS could be used
to crash machine when a user complicit attacker is
able to supply a specially crafted HFS image.

- CVE-2006-4572: Multiple unspecified vulnerabilities in netfilter for
IPv6 code allow remote attackers to bypass intended
restrictions via fragmentation attack vectors,
aka (1) "ip6_tables protocol bypass bug" and (2)
"ip6_tables extension header bypass bug".

- CVE-2006-5751: An integer overflow in the networking bridge ioctl
starting with Kernel 2.6.7 could be used by local
attackers to overflow kernel memory buffers and
potentially escalate privileges.

- CVE-2006-4813: A information leak in __block_prepare_write was fixed,
which could disclose private information of previously
unlinked files.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Reboot the machine after installing this update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.


x86 Platform:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-bigsmp-2.6.16.27-0.6.i586.rpm
20362ce00889e9eac688faa59ad0f301
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-debug-2.6.16.27-0.6.i586.rpm
eb33b9f8581bc89d3a4a3feecf197ef5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-default-2.6.16.27-0.6.i586.rpm
1879d07a3b908ff8b87c507860070118
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-kdump-2.6.16.27-0.6.i586.rpm
04f60041ee278134b38e7fd9e56ef102
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-smp-2.6.16.27-0.6.i586.rpm
bc1d9c70715b5dd3495558f175abd1bf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-source-2.6.16.27-0.6.i586.rpm
720a9e6cbf2f3594a718db1d74b0e901
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-syms-2.6.16.27-0.6.i586.rpm
fca30f1add27cb21d32eac318279f3f9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-um-2.6.16.27-0.6.i586.rpm
1af0a0a78a6cf463b04f77b52e63b57c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-xen-2.6.16.27-0.6.i586.rpm
2f0499125c0aa167a2391e654c5b043b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-xenpae-2.6.16.27-0.6.i586.rpm
3865d785615cf7dbbe7cae8dc5c2445e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kexec-tools-1.101-32.20.i586.rpm
c6a2bbd256a70b7cd2e4bb25f04b2771
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mkinitrd-1.2-106.25.i586.rpm
9a26035aa882c88c7dbda60bed64e729
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/multipath-tools-0.4.6-25.14.i586.rpm
a4405ddbca3a81a15811a385760d135b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/open-iscsi-0.5.545-9.16.i586.rpm
738e1ad997da16145fa6392dff59dbd2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/udev-085-30.16.i586.rpm
e5ca4700bcbce7f4e247a04552554c52

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.8.i586.rpm
779716bea2ce468f73b5e7be2c36cf97
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-15.13.i586.rpm
b95098cd1879df7c3a0bdcbe1e206e64
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-2.6.13-15.13.i586.rpm
70cf8aaeca7af078edc0907d934cf16a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13-15.13.i586.rpm
c0aee85951759f60f10031034a0710ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl-2.6.13-15.13.i586.rpm
5081580d742671f6a1c1654e682b0b3c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.13.i586.rpm
fcd605a287b8ab5af504f50f7a5cd04d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6.13-15.13.i586.rpm
5ccb28594c3bbfd3f0d55057321f0dd3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-15.13.i586.rpm
9e59562a1131efca6852d4679256236a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15.13.i586.rpm
3fad95aae4eeba413f61304941171628
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.13.i586.rpm
05622beea615d8b312b4953b61b90021
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.13-15.13.i586.rpm
2a59f92c159da861adcb5f7e278a3e02
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.13.i586.rpm
e630316df432d5523b00edd66a7cfcd6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6.13-15.13.i586.rpm
0894832e10d0b58235d2578e67cc928c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13-15.13.i586.rpm
be464dab1cbc94dbb67ee7f84f8c9aa9

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/Intel-536ep-4.69-10.9.i586.rpm
1d3ad978025b9d97bb7a90db61356da8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-2.6.11.4-21.15.i586.rpm
f225c96f36550606ea68f4ac3bfe74dc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-nongpl-2.6.11.4-21.15.i586.rpm
f35b5c66a2ba4437eec2b8b810eb5c6b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-2.6.11.4-21.15.i586.rpm
f444923fb3756410f2830dfa19b9774d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-nongpl-2.6.11.4-21.15.i586.rpm
2e07056e10890ffbd50c59abb40befe1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-2.6.11.4-21.15.i586.rpm
096868f28a76e95f1ebc9338b110a5f0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-nongpl-2.6.11.4-21.15.i586.rpm
a84bf62f441f32f09884c07693c5aa18
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-source-2.6.11.4-21.15.i586.rpm
3544a5b183926981b591f89626033781
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-syms-2.6.11.4-21.15.i586.rpm
d46db3e4da45262de1bf61c5b9e6a9a3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-2.6.11.4-21.15.i586.rpm
f7d32fd8d0d38f0b9ac1f0cf98ab1a1c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-nongpl-2.6.11.4-21.15.i586.rpm
a862ec208be9e31dcff7dbf7c540d5a4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-2.6.11.4-21.15.i586.rpm
5323a6c912bf2ea3aecfe01f1f25029f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-nongpl-2.6.11.4-21.15.i586.rpm
f6ec0b9626fed9f54919415fa5d262a5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ltmodem-8.31a10-7.9.i586.rpm
116853b601518db7e3f081a38cd7e448
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-install-initrd-1.0-50.9.i586.rpm
4c566b558056292cbc8730c6a8275e19
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-kernel-2.6.11.4-21.15.i586.rpm
8082e95baeadd7527787d7ef960fea3b

Platform Independent:

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/noarch/kernel-docs-2.6.11.4-21.15.noarch.rpm
b010aa9454cc8b1631fc271148bfc99e

Power PC Platform:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-default-2.6.16.27-0.6.ppc.rpm
f7cf4448592556658428a4d6c1f80a26
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-iseries64-2.6.16.27-0.6.ppc.rpm
00d04e7cfbc9b27dc5dca9dcd9c715d2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-kdump-2.6.16.27-0.6.ppc.rpm
98faf70272be4b6abd887f4d04fc6284
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-ppc64-2.6.16.27-0.6.ppc.rpm
1411437f7005f90d7083d8fb5cad99ce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-source-2.6.16.27-0.6.ppc.rpm
edbbb370525bfb9caefe22c563b73b7a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-syms-2.6.16.27-0.6.ppc.rpm
d15067647e646c65245934dc21cf6d13
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mkinitrd-1.2-106.25.ppc.rpm
5b244ec190ab5e8432d04b286fd595c3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/multipath-tools-0.4.6-25.14.ppc.rpm
2592ff0cebfee11a54163a86354e9c40
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/open-iscsi-0.5.545-9.16.ppc.rpm
5c6faf58161ef7607c29eafb995698d9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/udev-085-30.16.ppc.rpm
40b7b338af66872ba3ab5cf4b2f0e792

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-15.13.ppc.rpm
3f99986f3194d8a6b1dcfa9bc737387a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.13-15.13.ppc.rpm
44273fe733fb0f6227fddcc3d93bf723
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15.13.ppc.rpm
880f61aa27d2cf85f687b63536f9b76a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-15.13.ppc.rpm
78995147e37e08ce50e06d9f4b6bdd43
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.13.ppc.rpm
b38cf17b95ffefe1177c5e50b0fb7f5f

x86-64 Platform:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-debug-2.6.16.27-0.6.x86_64.rpm
36d4798029d37d58e04d4e088c857d05
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-default-2.6.16.27-0.6.x86_64.rpm
8f8d92d0d3bd28abab96593619f7e110
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-kdump-2.6.16.27-0.6.x86_64.rpm
422a4e7a8330bbefc616acf90cde155c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-smp-2.6.16.27-0.6.x86_64.rpm
b49a2612377a09dcda55bfc7b077559b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-source-2.6.16.27-0.6.x86_64.rpm
0da3b45f9e5c7f679fbb5633baaf0370
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-syms-2.6.16.27-0.6.x86_64.rpm
78de774b4943c716f071e15843c061b7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-xen-2.6.16.27-0.6.x86_64.rpm
3d68e95abd041b2131118b1cff963703
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kexec-tools-1.101-32.20.x86_64.rpm
50b692b9662c0308cd3fb83573a1d10c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mkinitrd-1.2-106.25.x86_64.rpm
f48e546e789c3590e617484c38cab9ac
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/multipath-tools-0.4.6-25.14.x86_64.rpm
9cf969cf4bb76b77ae13ebc287908cc9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/open-iscsi-0.5.545-9.16.x86_64.rpm
42c6343b258e4363ccb510f429555857
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/udev-085-30.16.x86_64.rpm
c28d409a7cb6edbc077e0edd5fccf91a

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.13-15.13.x86_64.rpm
194e64a59862dcebba2b7e58818747b4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nongpl-2.6.13-15.13.x86_64.rpm
3fa5ca85656cb037a72a1d1855d38d7f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-15.13.x86_64.rpm
ddb5c45b75d967a52ee39dbd71ffc52e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2.6.13-15.13.x86_64.rpm
ca21f69550373f05fbff08b2c4505203
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.13-15.13.x86_64.rpm
a1143a950fe7f50f5664f7a009a0b796
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-15.13.x86_64.rpm
b6bf0d933792855235b6fe848328f05b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-15.13.x86_64.rpm
be16a4f55e8e5b69f9677ed9ebee29e9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2.6.13-15.13.x86_64.rpm
0466ac6e4d01edaf3cd702859e4d0f0e

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-2.6.11.4-21.15.x86_64.rpm
e3ccbf0a746cbc8f91a53864c7cc44f4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-nongpl-2.6.11.4-21.15.x86_64.rpm
df750c05231346c502f54c23a60c67e2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-2.6.11.4-21.15.x86_64.rpm
09e22d0a4b0826687ce68ba535b53d40
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-nongpl-2.6.11.4-21.15.x86_64.rpm
7163a5cc8545db178688d3d23817c375
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-source-2.6.11.4-21.15.x86_64.rpm
6457587a33198b4fcd04b3ed2c99b589
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-syms-2.6.11.4-21.15.x86_64.rpm
23a663cd7658a95e02b8fd46b8b3e810

Sources:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-bigsmp-2.6.16.27-0.6.nosrc.rpm
b35b46b9331de972842e5869a4944d3f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-debug-2.6.16.27-0.6.nosrc.rpm
e657caa01e2c07019f8cc889777f11b7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-default-2.6.16.27-0.6.nosrc.rpm
eebf35ce636a741f9bc47a2fa382ce76
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-iseries64-2.6.16.27-0.6.nosrc.rpm
d09b683ab819709aadf9ece6b3f3e707
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-kdump-2.6.16.27-0.6.nosrc.rpm
617e45734469b9dd49cd44e1a9e024bc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-ppc64-2.6.16.27-0.6.nosrc.rpm
197bf280a2b992f24d1827c0d081d8e0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-smp-2.6.16.27-0.6.nosrc.rpm
0d164685b97350f60bb13b2408b3e0f6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-source-2.6.16.27-0.6.src.rpm
948af0a9a23e466e00102d1412ca6aea
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-syms-2.6.16.27-0.6.src.rpm
5ab46df57270adabab766f3f08f04f3f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-um-2.6.16.27-0.6.nosrc.rpm
8a8d3d518e01d9477d4bb11680239d3b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-xen-2.6.16.27-0.6.nosrc.rpm
ef135de71f6434a981bed66f01f3a606
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-xenpae-2.6.16.27-0.6.nosrc.rpm
d2145a8c27a2324e0a6bf048c27c8a7e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kexec-tools-1.101-32.20.src.rpm
07a7cf8799deffdd0f5606ba4c6e6fe7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/mkinitrd-1.2-106.25.src.rpm
8ac081406c2636d27412aa2c41d6cfe8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/multipath-tools-0.4.6-25.14.src.rpm
642fb05f65f4629b60b98d72a3333efe
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/open-iscsi-0.5.545-9.16.src.rpm
f52ea025e7ea1a9e131c13e5a6018775
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/udev-085-30.16.src.rpm
cbd7aa05bc56bbbfed68ea4611ac16dc

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.8.src.rpm
cea6899a95d45178d21168b6aa4dd922
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-15.13.nosrc.rpm
98260538fb3afb196a0fb1f52edc00c5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-15.13.nosrc.rpm
f0a9e177557eb196adba8d19c6e06f4e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.13-15.13.nosrc.rpm
bc5365eda00fd8db053b4dbe16e168c3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15.13.nosrc.rpm
72c601464252532948d3ab8ea73b872a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.13.nosrc.rpm
9576c07ca12e6f50e86d0d063cd16df2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.13.nosrc.rpm
47b3c7e171c000824e42aa594e7681d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.13.src.rpm
003debda7e60a61eaf01f2798bb1fa65
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.13.src.rpm
9cba4d63d45f4d4c908b137c5e069bb7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.13.nosrc.rpm
2cfa5afc504eda54df8116c5ce42c23e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.13.nosrc.rpm
16c0f03172d069271f515dbeb24eb19b

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/Intel-536ep-4.69-10.9.src.rpm
f3f522d91ffba19568e1d0fe6142deb9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-bigsmp-2.6.11.4-21.15.nosrc.rpm
24fb636744affbe2f7c96a9140b2def1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-default-2.6.11.4-21.15.nosrc.rpm
a68261d68dec7866b7b3f2d3b9d6f1f0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-docs-2.6.11.4-21.15.src.rpm
4fa98524a2dbb11d5e8f38f161c79c94
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-smp-2.6.11.4-21.15.nosrc.rpm
59936703da3fa4c3f06d709d91a4f05a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-source-2.6.11.4-21.15.src.rpm
a1862d7ee039c35b9dfd2bf61a3396e5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-syms-2.6.11.4-21.15.src.rpm
a0caf67ace3014157e0c0bfcbd1143b6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-um-2.6.11.4-21.15.nosrc.rpm
c64e46fd270b095a1d57ac9cf1c895ed
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-xen-2.6.11.4-21.15.nosrc.rpm
574b65b39dfe4f65fa7d18cdd1b8f2ba
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/ltmodem-8.31a10-7.9.src.rpm
ebe62382458daba958312b5cde956883
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/um-host-install-initrd-1.0-50.9.src.rpm
4ec6d9d84c4f7d606ef699fb3b2ddb23

Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:

Novell Linux Desktop 9 for x86
http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html

Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html
http://support.novell.com/techcenter/psdb/06a879ef6bcde6c750e9ee4e43ccc446.html

Novell Linux Desktop 9 for x86_64
http://support.novell.com/techcenter/psdb/06a879ef6bcde6c750e9ee4e43ccc446.html

SUSE SLED 10 for AMD64 and Intel EM64T
http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html

SUSE SLES 10
http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html
http://support.novell.com/techcenter/psdb/8d1bb2f1def9904433821604ff90783e.html
http://support.novell.com/techcenter/psdb/dd622f88b5acaa6cb876b101236a952e.html
http://support.novell.com/techcenter/psdb/87e2c4f32a1d32427f4f6a08a52ff58e.html
http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

SUSE SLED 10
http://support.novell.com/techcenter/psdb/aa32c28c0e5ddf716b0e61d93331f86d.html
http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

SUSE SLED 10 for x86
http://support.novell.com/techcenter/psdb/9b70db20ae4e8d5034a104f1305d437c.html

SUSE CORE 9 for AMD64 and Intel EM64T
http://support.novell.com/techcenter/psdb/8256ebb61cc00811a06c0fd252c18d5a.html

SUSE CORE 9 for IBM zSeries 64bit
http://support.novell.com/techcenter/psdb/dc588035c8569c0fba9c9e33685f698c.html

SUSE CORE 9 for IBM S/390 31bit
http://support.novell.com/techcenter/psdb/36b4bba8bf8a44877f22acb24254f105.html

SUSE CORE 9 for IBM POWER
http://support.novell.com/techcenter/psdb/f74c89856bd24e4e5b10b44a1b7fb438.html

SUSE CORE 9 for Itanium Processor Family
http://support.novell.com/techcenter/psdb/7ac58979c59cf50840e70f4bc277e4f8.html

SUSE SLES 9
http://support.novell.com/techcenter/psdb/8256ebb61cc00811a06c0fd252c18d5a.html
http://support.novell.com/techcenter/psdb/dc588035c8569c0fba9c9e33685f698c.html
http://support.novell.com/techcenter/psdb/36b4bba8bf8a44877f22acb24254f105.html
http://support.novell.com/techcenter/psdb/f74c89856bd24e4e5b10b44a1b7fb438.html
http://support.novell.com/techcenter/psdb/7ac58979c59cf50840e70f4bc277e4f8.html
http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html

Open Enterprise Server
http://support.novell.com/techcenter/psdb/15107fb406dee9a6d661cedc4a7bd068.html
http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

Novell Linux POS 9
http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html
http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

SUSE CORE 9 for x86
http://support.novell.com/techcenter/psdb/4ea26fcc1ac12ca4ae3124c429ea7994.html
http://support.novell.com/techcenter/psdb/d9aec765cc3bc34382a96bfc703b9ff2.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command

md5sum <filename.rpm>

after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.

- SUSE runs two security mailing lists to which any interested party may
subscribe:

opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe@suse.com>.

=====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBRYqESney5gA9JdPZAQLNsQf+PjfXteMrCIgsJUqPmLADG3dCNSa88QFh
OICkFqglISmNDNSK6/cM94HlFAE+8HQChKvCdUNiwuK2YZ1yTylI6NTnIuGQDHOZ
OTkWS4Afbor6s3KlsNPCuGvVTu4o1hZj/flYsvPF98nC22Kljllop/oyqJMFhWcK
g8N0jGqiIqzuwCqOivpnAIt9Q37Z+q1NxRnNvz4TKs4rinCzp533zmf/kXUbM4p7
mppmJYmHWtvhVOLehfvZXCOS7CNp3FVhPBl80d1n4XObrmaqQoGUgsi/vAUueI3x
4ma8T/HyfgEXFSa2jGfdBUvFtGC/8FUCdwBbsohn5aAbb0HNsufMjw==
=4I/U
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/suse_security_announcement_linux_kernel_suse_sa2006079.html)