Sicherheit: Mehrere Probleme im Kernel

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement ID: SUSE-SA:2007:051
Date: Thu, 06 Sep 2007 17:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote denial of service
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2007-2242, CVE-2007-2453, CVE-2007-2525
CVE-2007-2876, CVE-2007-3105, CVE-2007-3107
CVE-2007-3513, CVE-2007-3848, CVE-2007-3851

Content of This Advisory:
1) Security Vulnerability Resolved:
kernel security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

The Linux kernel in SLE 10 and SUSE Linux 10.1 was updated to fix
various security issues and lots of bugs spotted after the Service
Pack 1 release.

This again aligns the SUSE Linux 10.1 kernel with the SLE 10 release
and for 10.1 contains kABI incompatible changes, requiring updated
kernel module packages. Our KMPs shipped with SUSE Linux 10.1 were
released at the same time, the NVIDIA, ATI and madwifi module owners
have been advised to update their repositories too.

Following security issues were fixed:
- CVE-2007-2242: The IPv6 protocol allows remote attackers to cause
a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0)
that create network amplification between two routers.

The default is that RH0 is disabled now. To adjust this, write to
the file /proc/net/accept_source_route6.

- CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1)
did not properly seed pools when there is no entropy, or (2) used
an incorrect cast when extracting entropy, which might have caused
the random number generator to provide the same values after reboots
on systems without an entropy source.

- CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking
could be caused by a remote attacker by sending specially crafted
packets.
Note that this requires SCTP set-up and active to be exploitable.

- CVE-2007-3105: Stack-based buffer overflow in the random number
generator (RNG) implementation in the Linux kernel before 2.6.22
might allow local root users to cause a denial of service or gain
privileges by setting the default wake-up threshold to a value
greater than the output pool size, which triggers writing random
numbers to the stack by the pool transfer function involving "bound
check ordering".

Since this value can only be changed by a root user, exploitability
is low.

- CVE-2007-3107: The signal handling in the Linux kernel, when run on
PowerPC systems using HTX, allows local users to cause a denial of
service via unspecified vectors involving floating point corruption
and concurrency.

- CVE-2007-2525: Memory leak in the PPP over Ethernet (PPPoE) socket
implementation in the Linux kernel allowed local users to cause
a denial of service (memory consumption) by creating a socket
using connect, and releasing it before the PPPIOCGCHAN ioctl is
initialized.

- CVE-2007-3513: The lcd_write function in drivers/usb/misc/usblcd.c
in the Linux kernel did not limit the amount of memory used by
a caller, which allowed local users to cause a denial of service
(memory consumption).

- CVE-2007-3851: On machines with a Intel i965 based graphics card
local users with access to the direct rendering device node could
overwrite memory on the machine and so gain root privileges.

Additionally a huge number of bugs were fixed. These are listed in
the maintenance information links.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please reboot your machine after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.

x86 Platform:

SUSE LINUX 10.1:
cloop-kmp-bigsmp-2.01_2.6.16.53_0.8-22.8.i586.rpm
8aa726f4083e5632373ebb28abbbabe8
cloop-kmp-debug-2.01_2.6.16.53_0.8-22.8.i586.rpm
f0a9bf51e28af100faeea647eaa4f5c0
cloop-kmp-default-2.01_2.6.16.53_0.8-22.8.i586.rpm
dfe7b935029f121d12af29e03b4a7ee7
cloop-kmp-smp-2.01_2.6.16.53_0.8-22.8.i586.rpm
6bf39568579093c34c14690098200ac0
cloop-kmp-xen-2.01_2.6.16.53_0.8-22.8.i586.rpm
fc85744237063a6097c0843db50173c1
cloop-kmp-xenpae-2.01_2.6.16.53_0.8-22.8.i586.rpm
77ffcf3230912df2f94221fbcb832e33
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-0.7.22-42.14.i586.rpm
114701af0f866fa088bfc1d3414a2e58
drbd-kmp-bigsmp-0.7.22_2.6.16.53_0.8-42.14.i586.rpm
c4cc947dd32c3466bc0af5959332228b
drbd-kmp-debug-0.7.22_2.6.16.53_0.8-42.14.i586.rpm
d99fce9db3933be106539e35295bbb9f
drbd-kmp-default-0.7.22_2.6.16.53_0.8-42.14.i586.rpm
a89d12111ada77787b88dc9fc385f66a
drbd-kmp-smp-0.7.22_2.6.16.53_0.8-42.14.i586.rpm
731543df0d337dbd65e74a85be87ad70
drbd-kmp-xen-0.7.22_2.6.16.53_0.8-42.14.i586.rpm
c411a0b260cf41c7e41b04bd0f1f4e8e
drbd-kmp-xenpae-0.7.22_2.6.16.53_0.8-42.14.i586.rpm
f5456498221e86ebac5a90373ae9a500
hbedv-dazuko-kmp-bigsmp-2.3.2_2.6.16.53_0.8-0.1.i586.rpm
96c3a125c011299a3b4d0f09fb4dd6de
hbedv-dazuko-kmp-debug-2.3.2_2.6.16.53_0.8-0.1.i586.rpm
793a53747b8241b5ab7939f8665a7b7d
hbedv-dazuko-kmp-default-2.3.2_2.6.16.53_0.8-0.1.i586.rpm
c644584794fdb8283483e0a37f1b4a34
hbedv-dazuko-kmp-smp-2.3.2_2.6.16.53_0.8-0.1.i586.rpm
ebddde7e157b2b71001f3492ea092c0b
hbedv-dazuko-kmp-xen-2.3.2_2.6.16.53_0.8-0.1.i586.rpm
51b1a7ab25cf1e9f790e30e895ea6995
hbedv-dazuko-kmp-xenpae-2.3.2_2.6.16.53_0.8-0.1.i586.rpm
263337d6e2cfd9dae07c81474b14266a
ivtv-kmp-bigsmp-0.7.0_2.6.16.53_0.8-12.2.i586.rpm
82e92676ab7d3b2d9e8fc2f8b6541ac7
ivtv-kmp-debug-0.7.0_2.6.16.53_0.8-12.2.i586.rpm
7586df096afd5c98132a800b71c938b5
ivtv-kmp-default-0.7.0_2.6.16.53_0.8-12.2.i586.rpm
087d141f079c40d49d2e7957d53b4226
ivtv-kmp-smp-0.7.0_2.6.16.53_0.8-12.2.i586.rpm
49fb0d79e32823914bdc013a903a1a32
ivtv-kmp-xen-0.7.0_2.6.16.53_0.8-12.2.i586.rpm
5906de32b1a32fe778892b68773ee503
ivtv-kmp-xenpae-0.7.0_2.6.16.53_0.8-12.2.i586.rpm
595085ce6c617f025393ac908ebc1d1b
kernel-bigsmp-2.6.16.53-0.8.i586.rpm
b1f2a5a0b618e77d5fa78d14e70632ff
kernel-debug-2.6.16.53-0.8.i586.rpm
5c3973d34d65e89f807723d79ec646d9
kernel-default-2.6.16.53-0.8.i586.rpm
2199d335d23cae9ca8b3854045457d22
kernel-kdump-2.6.16.53-0.8.i586.rpm
c03c6afa5decd48a43a046d87db213af
kernel-smp-2.6.16.53-0.8.i586.rpm
f977dffa9137809df615a66609f19bf8
kernel-source-2.6.16.53-0.8.i586.rpm
ede06383c241446b4040234a771cce8e
kernel-syms-2.6.16.53-0.8.i586.rpm
4d56b5552e4acedc8462797c400612cb
kernel-um-2.6.16.53-0.8.i586.rpm
782727388dbb3894def87e0c5278ebbe
kernel-xen-2.6.16.53-0.8.i586.rpm
d84f53b2eeb6473e6497025f03b5ea79
kernel-xenpae-2.6.16.53-0.8.i586.rpm
b5e435359d41583fe36e762eb86bcd13
kexec-tools-1.101-32.42.i586.rpm
44d6b40b14c0010fd4d1d2ef6e289d23
lirc-kmp-bigsmp-0.8.0_2.6.16.53_0.8-0.3.i586.rpm
8c1d93c122786af870828af5d9409980
lirc-kmp-default-0.8.0_2.6.16.53_0.8-0.3.i586.rpm
b239d8f9f57df8d8b8c7e4ab8f7311e2
lirc-kmp-smp-0.8.0_2.6.16.53_0.8-0.3.i586.rpm
933acacbe15b03289646383a1ed7928d
lirc-kmp-xenpae-0.8.0_2.6.16.53_0.8-0.3.i586.rpm
06fa9f9f22ce27c497a81732138538c3
mkinitrd-1.2-106.58.i586.rpm
8df02f7543f376795c89318805d79fe4
multipath-tools-0.4.6-25.21.i586.rpm
d51adfdc697e7f8c27cf1d989b3fc3b6
ndiswrapper-kmp-bigsmp-1.34_2.6.16.53_0.8-1.10.i586.rpm
4fb80b4a3e5162f7d06653419462fb00
ndiswrapper-kmp-debug-1.34_2.6.16.53_0.8-1.10.i586.rpm
a669ea990409b675402143f807dfdc19
ndiswrapper-kmp-default-1.34_2.6.16.53_0.8-1.10.i586.rpm
3886e1cc5cf4a700a636b6a12b4ef323
ndiswrapper-kmp-smp-1.34_2.6.16.53_0.8-1.10.i586.rpm
f2a0784685d1611266b3a972a7cdba04
ndiswrapper-kmp-xen-1.34_2.6.16.53_0.8-1.10.i586.rpm
cca140c071e3cc09fcef38a112101a9c
ndiswrapper-kmp-xenpae-1.34_2.6.16.53_0.8-1.10.i586.rpm
304bb00107ce2bc077fb704fb3f053e0
novfs-kmp-bigsmp-2.0.0_2.6.16.53_0.8-3.13.i586.rpm
3392a961c1a5685b8f99bac30861659d
novfs-kmp-debug-2.0.0_2.6.16.53_0.8-3.13.i586.rpm
ac4fe06a55aa92b7a61043097b57b27c
novfs-kmp-default-2.0.0_2.6.16.53_0.8-3.13.i586.rpm
2529eb35cdbd0535933e16a1373df55f
novfs-kmp-smp-2.0.0_2.6.16.53_0.8-3.13.i586.rpm
bd76a840e0502e259f5416b495d2fedb
novfs-kmp-xen-2.0.0_2.6.16.53_0.8-3.13.i586.rpm
d3177fb47cad63a5c8cd5d728934b4f6
novfs-kmp-xenpae-2.0.0_2.6.16.53_0.8-3.13.i586.rpm
6f4eb228d098b5de12a9e2c2162b7c7c
omnibook-kmp-bigsmp-20060126_2.6.16.53_0.8-0.5.i586.rpm
559f047bce75796bec8138ccdf3f25db
omnibook-kmp-debug-20060126_2.6.16.53_0.8-0.5.i586.rpm
557e44b6fed9991c8d48818d4cf5f988
omnibook-kmp-default-20060126_2.6.16.53_0.8-0.5.i586.rpm
2cf7b14d387bf352448efc903cd48b87
omnibook-kmp-kdump-20060126_2.6.16.53_0.8-0.5.i586.rpm
4174309573d599ecfa69a4c61ce2a498
omnibook-kmp-smp-20060126_2.6.16.53_0.8-0.5.i586.rpm
5df613d7b1c1607b122ac314d7accc37
omnibook-kmp-xen-20060126_2.6.16.53_0.8-0.5.i586.rpm
349b2b30ca64b1c006e47e90399f3574
omnibook-kmp-xenpae-20060126_2.6.16.53_0.8-0.5.i586.rpm
ae7ae920705be1609f63f8af63992baf
open-iscsi-2.0.707-0.25.i586.rpm
8fb2314c7b7bbc008b1b53f89a1bae91
openafs-kmp-xenpae-1.4.0_2.6.16.53_0.8-21.3.i586.rpm
baebbb9f96d128093f072e31c1eae92e
pcfclock-kmp-bigsmp-0.44_2.6.16.53_0.8-15.2.i586.rpm
7f9ba5da69544100a4793ef58d04dfe7
pcfclock-kmp-debug-0.44_2.6.16.53_0.8-15.2.i586.rpm
f7f79b4f1aac644c7b5a5d9b73817f0a
pcfclock-kmp-default-0.44_2.6.16.53_0.8-15.2.i586.rpm
31a8d76e8baeda190a10076ca1371e8f
pcfclock-kmp-smp-0.44_2.6.16.53_0.8-15.2.i586.rpm
6afaeded5bff07639e7ea6622546dac2
quickcam-kmp-default-0.6.3_2.6.16.53_0.8-0.1.i586.rpm
7ed4be65ffd3cfcc28b844412983170d
smartlink-softmodem-kmp-bigsmp-2.9.10_2.6.16.53_0.8-44.2.i586.rpm
d527beef0694ea6adcc28f0ba66c8c1c
smartlink-softmodem-kmp-default-2.9.10_2.6.16.53_0.8-44.2.i586.rpm
8765e94592d06946b02be1b2a9f99310
smartlink-softmodem-kmp-smp-2.9.10_2.6.16.53_0.8-44.2.i586.rpm
e09e3ca13d45d19273cd65a2b4b2ceac
tpctl-kmp-bigsmp-4.17_2.6.16.53_0.8-30.13.i586.rpm
00ca3fafb0ae0f4a5dd087c45772e845
tpctl-kmp-debug-4.17_2.6.16.53_0.8-30.13.i586.rpm
b8d3ddf8762c784520e250b225c4a5dc
tpctl-kmp-default-4.17_2.6.16.53_0.8-30.13.i586.rpm
2fcbdbc6e1d9c12c22d02c2366aaa996
tpctl-kmp-smp-4.17_2.6.16.53_0.8-30.13.i586.rpm
e56148c17b04160109c392460b7313a9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/udev-085-30.40.i586.rpm
b935afe02348c179ab196cf88b266445
usbvision-kmp-bigsmp-0.9.8.2_2.6.16.53_0.8-0.1.i586.rpm
78c1dfd00106c218fe31765dc8f404c2
usbvision-kmp-debug-0.9.8.2_2.6.16.53_0.8-0.1.i586.rpm
ba7559bb011640a95674579293ad1588
usbvision-kmp-default-0.9.8.2_2.6.16.53_0.8-0.1.i586.rpm
3887199c7c724e1fa5305eb7a6cb760e
usbvision-kmp-smp-0.9.8.2_2.6.16.53_0.8-0.1.i586.rpm
f685e0577f2af7571312335fb85f746b
usbvision-kmp-xen-0.9.8.2_2.6.16.53_0.8-0.1.i586.rpm
f5b4f345fa6657b58995a871fad13ea8
usbvision-kmp-xenpae-0.9.8.2_2.6.16.53_0.8-0.1.i586.rpm
b40cb2b79f85f33d0be023b71d44347d
wlan-kmp-bigsmp-1_2.6.16.53_0.8-0.7.i586.rpm
6c7f5ca823c95a36605ccbf7a811e7c2
wlan-kmp-debug-1_2.6.16.53_0.8-0.7.i586.rpm
00ec933efa0a707375c25ea267d3fc3d
wlan-kmp-default-1_2.6.16.53_0.8-0.7.i586.rpm
d1699292963f744c0087bf122a4aa990
wlan-kmp-smp-1_2.6.16.53_0.8-0.7.i586.rpm
1e30e47808a3032143f87760cecea87d
wlan-kmp-xen-1_2.6.16.53_0.8-0.7.i586.rpm
9b3fc81ca1eb896442004d478f206e8b
wlan-kmp-xenpae-1_2.6.16.53_0.8-0.7.i586.rpm
825fcbc4902764b6effb5f04aaa9b127
zaptel-kmp-bigsmp-1.2.4_2.6.16.53_0.8-10.12.i586.rpm
d5768661492275d4f34b74ef98a3dbcb
zaptel-kmp-debug-1.2.4_2.6.16.53_0.8-10.12.i586.rpm
4b031faa877b3e00b27b192d710f28f1
zaptel-kmp-default-1.2.4_2.6.16.53_0.8-10.12.i586.rpm
e84a5f3ef34d7df6b73f76dab0a92f57
zaptel-kmp-smp-1.2.4_2.6.16.53_0.8-10.12.i586.rpm
43fe4ea470fad94454b8a95fb2e5c97b
zaptel-kmp-xen-1.2.4_2.6.16.53_0.8-10.12.i586.rpm
bbb30c1b3f84ccb45788627b613ab516
zaptel-kmp-xenpae-1.2.4_2.6.16.53_0.8-10.12.i586.rpm
c6adbaef68fd343d484ba1a4cedff1ae

Power PC Platform:

SUSE LINUX 10.1:
cloop-kmp-default-2.01_2.6.16.53_0.8-22.8.ppc.rpm
4c330386b7d6ef6c045a5b6a78caa3ea
cloop-kmp-iseries64-2.01_2.6.16.53_0.8-22.8.ppc.rpm
8b377c2b05cfdd71c3c14f175bda2dd6
cloop-kmp-ppc64-2.01_2.6.16.53_0.8-22.8.ppc.rpm
fe7bef90aafe7869cffcca0efb1faf69
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-0.7.22-42.14.ppc.rpm
4defda4646464d603a70d6a2a602d374
drbd-kmp-default-0.7.22_2.6.16.53_0.8-42.14.ppc.rpm
b87d23504d541f09e043d14ca1470a8b
drbd-kmp-iseries64-0.7.22_2.6.16.53_0.8-42.14.ppc.rpm
37efd016af840f31d73ee57da26ef96f
drbd-kmp-ppc64-0.7.22_2.6.16.53_0.8-42.14.ppc.rpm
e7c94414372c6fae6be7740ad16ad21d
kernel-default-2.6.16.53-0.8.ppc.rpm
49065a45fdc422a6c944f336129161e5
kernel-iseries64-2.6.16.53-0.8.ppc.rpm
3e19a3a2064d5ec593cdb82b21932479
kernel-kdump-2.6.16.53-0.8.ppc.rpm
46f04019504e45deaeaaad5ad65874f8
kernel-ppc64-2.6.16.53-0.8.ppc.rpm
26ae8dd09e91f18cbf3e22c0361c44c3
kernel-source-2.6.16.53-0.8.ppc.rpm
888028367b84031cf696b97dcffed41d
kernel-syms-2.6.16.53-0.8.ppc.rpm
548ee4a65c3cf2096a6bb235826e9727
lirc-kmp-default-0.8.0_2.6.16.53_0.8-0.3.ppc.rpm
6545ac85657610c4371eb3eb792bae18
lirc-kmp-iseries64-0.8.0_2.6.16.53_0.8-0.3.ppc.rpm
6295ce4b29e4bc6d8904b7fe0350fb6e
lirc-kmp-ppc64-0.8.0_2.6.16.53_0.8-0.3.ppc.rpm
bd988cf28ab39d64e59bbee0132c8c75
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mkinitrd-1.2-106.58.ppc.rpm
b2ca53b94f2cfacc6053dc8a7fbce78f
multipath-tools-0.4.6-25.21.ppc.rpm
7407c058b81351b2bb0387414e95d6dd
open-iscsi-2.0.707-0.25.ppc.rpm
6407dcf643e7dd479a49cdf7867ba61d
openafs-kmp-iseries64-1.4.0_2.6.16.53_0.8-21.2.ppc.rpm
c8fd9b719385aec295b0b86a62417675
openafs-kmp-ppc64-1.4.0_2.6.16.53_0.8-21.2.ppc.rpm
feec6ac3f9de5e93901ba45b07eccfd9
pcfclock-kmp-default-0.44_2.6.16.53_0.8-15.2.ppc.rpm
4c308b618d77b376647351a8d51f6cd6
pcfclock-kmp-ppc64-0.44_2.6.16.53_0.8-15.2.ppc.rpm
d2f6bcc19f45c85932ea85ecbf140038
quickcam-kmp-default-0.6.3_2.6.16.53_0.8-0.1.ppc.rpm
f95358e253b4941ab33a262f0f5a417b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/udev-085-30.40.ppc.rpm
f562428a0cf05840d37f9d39cade53a3
wlan-kmp-default-1_2.6.16.53_0.8-0.7.ppc.rpm
51bb199f3696b485edd7e20969cea2d6
wlan-kmp-iseries64-1_2.6.16.53_0.8-0.7.ppc.rpm
1f4d1e94c9cbf0f5541fd6e13abedb04
wlan-kmp-ppc64-1_2.6.16.53_0.8-0.7.ppc.rpm
a8e699a320999e40c5f7d9ae16f3ccb4
zaptel-kmp-default-1.2.4_2.6.16.53_0.8-10.12.ppc.rpm
b7b9826124ef89b94567ced67e26b65f

x86-64 Platform:

SUSE LINUX 10.1:
cloop-kmp-debug-2.01_2.6.16.53_0.8-22.8.x86_64.rpm
39c328bf75c7faf773614ac591eaca60
cloop-kmp-default-2.01_2.6.16.53_0.8-22.8.x86_64.rpm
e0e32da85086988977e18d6fe5db102b
cloop-kmp-smp-2.01_2.6.16.53_0.8-22.8.x86_64.rpm
5bc3c3a48de578aaed84d9bf40cd458f
cloop-kmp-xen-2.01_2.6.16.53_0.8-22.8.x86_64.rpm
bceb7ea21b1a29ce83abb3e455ee7931
drbd-0.7.22-42.14.x86_64.rpm
60575c44721e4a0346ffc8c6a91efc39
drbd-kmp-debug-0.7.22_2.6.16.53_0.8-42.14.x86_64.rpm
d6ec8ad91154d0f40fcdca14de51d4f6
drbd-kmp-default-0.7.22_2.6.16.53_0.8-42.14.x86_64.rpm
d17fb7be99873a06bd09b560d0a749d5
drbd-kmp-smp-0.7.22_2.6.16.53_0.8-42.14.x86_64.rpm
d32df6831c277a3ed0ab37dba0862919
drbd-kmp-xen-0.7.22_2.6.16.53_0.8-42.14.x86_64.rpm
59cb6f93e5cd698b96312dd156ee91b4
hbedv-dazuko-kmp-debug-2.3.2_2.6.16.53_0.8-0.1.x86_64.rpm
88506a8ca0fb23a2dbc763ec80d85a56
hbedv-dazuko-kmp-default-2.3.2_2.6.16.53_0.8-0.1.x86_64.rpm
e6962e81eeda0bb6b1bcc9d8b43acd10
hbedv-dazuko-kmp-smp-2.3.2_2.6.16.53_0.8-0.1.x86_64.rpm
20683671ada341b103a06609d7bd0beb
hbedv-dazuko-kmp-xen-2.3.2_2.6.16.53_0.8-0.1.x86_64.rpm
baa0590c91ba62a963ed05dcbceae1a2
ivtv-kmp-debug-0.7.0_2.6.16.53_0.8-12.2.x86_64.rpm
1352dfb3164447aeba4d20304524dede
ivtv-kmp-default-0.7.0_2.6.16.53_0.8-12.2.x86_64.rpm
886f709c015a7fabfe0942a6939b5556
ivtv-kmp-smp-0.7.0_2.6.16.53_0.8-12.2.x86_64.rpm
b5c352e3fc3a94affde5adbe81026ffa
ivtv-kmp-xen-0.7.0_2.6.16.53_0.8-12.2.x86_64.rpm
7c42d35e099fdc74961021287cc0dedf
kernel-debug-2.6.16.53-0.8.x86_64.rpm
e535d3952b99ca381743e02968b05962
kernel-default-2.6.16.53-0.8.x86_64.rpm
918836d65c9757c499ecf5afea5a2afb
kernel-kdump-2.6.16.53-0.8.x86_64.rpm
3cd03349441804ad506ca3c7f8c62abe
kernel-smp-2.6.16.53-0.8.x86_64.rpm
2fa7cb20b78bf574c3d096920b9e217b
kernel-source-2.6.16.53-0.8.x86_64.rpm
2b70910c1b5ad7024bc19e71f0b5b128
kernel-syms-2.6.16.53-0.8.x86_64.rpm
f2a52f88049f3dd0ce496f50df99ce31
kernel-xen-2.6.16.53-0.8.x86_64.rpm
3f63250e48f8306d82e4e9aab5063cdf
kexec-tools-1.101-32.42.x86_64.rpm
9cb0431a731a47e3972e0e41d9a9efb8
lirc-kmp-default-0.8.0_2.6.16.53_0.8-0.3.x86_64.rpm
2234284d6524af7b703815145f38dbf7
lirc-kmp-smp-0.8.0_2.6.16.53_0.8-0.3.x86_64.rpm
ffa29b4ba124cb564803f28d195dc84d
mkinitrd-1.2-106.58.x86_64.rpm
94b5acaec5cd3d45a7d92b9fb1354d28
multipath-tools-0.4.6-25.21.x86_64.rpm
314fdda336fe19ae873225305e7c3681
ndiswrapper-kmp-debug-1.34_2.6.16.53_0.8-1.10.x86_64.rpm
ab5e171b9a84655aa509ad574bf3222e
ndiswrapper-kmp-default-1.34_2.6.16.53_0.8-1.10.x86_64.rpm
6cc099ca27594bc179663b80b7f8505c
ndiswrapper-kmp-smp-1.34_2.6.16.53_0.8-1.10.x86_64.rpm
340c8cc665bc241665333a1ccf9657a4
ndiswrapper-kmp-xen-1.34_2.6.16.53_0.8-1.10.x86_64.rpm
d25781bf7c38f240245f3d3bf86a0611
novfs-kmp-debug-2.0.0_2.6.16.53_0.8-3.13.x86_64.rpm
bef1faa072685be069d97328a005d4a5
novfs-kmp-default-2.0.0_2.6.16.53_0.8-3.13.x86_64.rpm
ce297a8fc3ba54e7dc792030986eff78
novfs-kmp-smp-2.0.0_2.6.16.53_0.8-3.13.x86_64.rpm
402699d04c5ac5526b2cd31e9dfc3b00
novfs-kmp-xen-2.0.0_2.6.16.53_0.8-3.13.x86_64.rpm
59de5226b2c70f1a0e3cd8f552bd63bf
omnibook-kmp-debug-20060126_2.6.16.53_0.8-0.5.x86_64.rpm
3e1db97a3de2feb48ffa66626a84becb
omnibook-kmp-default-20060126_2.6.16.53_0.8-0.5.x86_64.rpm
deb9f50d3d1753363995b28a00fa8bde
omnibook-kmp-kdump-20060126_2.6.16.53_0.8-0.5.x86_64.rpm
ea51b1eb701b337c4eae57c424aafb6e
omnibook-kmp-smp-20060126_2.6.16.53_0.8-0.5.x86_64.rpm
00b197889a4a5f31b14789d0bd18cb91
omnibook-kmp-xen-20060126_2.6.16.53_0.8-0.5.x86_64.rpm
b92a1aab65439b869fd2d67f3a8f5650
open-iscsi-2.0.707-0.25.x86_64.rpm
8df1553424ff6abccd38bbdad43821a8
pcfclock-kmp-debug-0.44_2.6.16.53_0.8-15.2.x86_64.rpm
18b6a2870992c758e0e15d500580ecde
pcfclock-kmp-default-0.44_2.6.16.53_0.8-15.2.x86_64.rpm
94b8d2968d9da6e9020090af47028d3a
pcfclock-kmp-smp-0.44_2.6.16.53_0.8-15.2.x86_64.rpm
455f703b0693140f0c2a0e7fa060a578
quickcam-kmp-default-0.6.3_2.6.16.53_0.8-0.1.x86_64.rpm
83023996dd47e6b7ae829744867f845a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/udev-085-30.40.x86_64.rpm
6bc8b2cac7a3577b5531d1b8a885666d
wlan-kmp-debug-1_2.6.16.53_0.8-0.7.x86_64.rpm
51b354b8a984d9a73a37d084329f46e9
wlan-kmp-default-1_2.6.16.53_0.8-0.7.x86_64.rpm
1222ba499f29732d5e8942927b607e86
wlan-kmp-smp-1_2.6.16.53_0.8-0.7.x86_64.rpm
4bb744e8becf9e11beea5cb08c11f6bd
wlan-kmp-xen-1_2.6.16.53_0.8-0.7.x86_64.rpm
b642ba8461b8c6ae9ae009df3ceee3ff
zaptel-kmp-debug-1.2.4_2.6.16.53_0.8-10.12.x86_64.rpm
65576faf979436ae513e7e4f86aff810
zaptel-kmp-default-1.2.4_2.6.16.53_0.8-10.12.x86_64.rpm
7e36549187e62acc29015d2dea4d2419
zaptel-kmp-smp-1.2.4_2.6.16.53_0.8-10.12.x86_64.rpm
ed411e6de7c77da5ba058f08eb3e9e2f
zaptel-kmp-xen-1.2.4_2.6.16.53_0.8-10.12.x86_64.rpm
8fd9b35dda5b315090c37f4bca437bb4

Sources:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/drbd-0.7.22-42.14.src.rpm
f73ab327699bc11971ef7951e4824402
kernel-bigsmp-2.6.16.53-0.8.nosrc.rpm
5d8953bf94be25f51ddca7f01d572031
kernel-debug-2.6.16.53-0.8.nosrc.rpm
db7a15080b3f473c5e734189fcade2e1
kernel-default-2.6.16.53-0.8.nosrc.rpm
20b1c3612124f5de388f1130c3bd63f7
kernel-iseries64-2.6.16.53-0.8.nosrc.rpm
00427dbd933673824fb5ec45065cdebb
kernel-kdump-2.6.16.53-0.8.nosrc.rpm
f763bd08cb3c46aac3bf5dd32896c015
kernel-ppc64-2.6.16.53-0.8.nosrc.rpm
6cbb187a584c0da91cd4427d288f770a
kernel-smp-2.6.16.53-0.8.nosrc.rpm
2af3da693f084595d314f30792b11407
kernel-source-2.6.16.53-0.8.src.rpm
78a9223f08200180e3827f5b5dba573a
kernel-syms-2.6.16.53-0.8.src.rpm
33489039ccf89bf830a0cfb88a9e71b3
kernel-um-2.6.16.53-0.8.nosrc.rpm
f700dfa79c2ec8491ebefb1b4e3a19ff
kernel-xen-2.6.16.53-0.8.nosrc.rpm
9ba56bb02783bec58f57e2fc7f922527
kernel-xenpae-2.6.16.53-0.8.nosrc.rpm
2e207cae957015284c3c8bc9796765e4
kexec-tools-1.101-32.42.src.rpm
6965e58790539344d582bca496a91b3d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/mkinitrd-1.2-106.58.src.rpm
445f075a76f09f234da20f5de25023d8
multipath-tools-0.4.6-25.21.src.rpm
2a77f15f70a78a620562022986062dae
open-iscsi-2.0.707-0.25.src.rpm
cbf7bc439560dbad490dcdf1328b927f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/udev-085-30.40.src.rpm
a3768ed532eef9c30ab9ea04923b1471

Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:

SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T
1476b8bb669abfd3d3276d5f27c20239.html

SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit
6c78f382a20b722ceb5c36cab3f83afe.html

SLE SDK 10 SP1 for IBM iSeries and IBM pSeries
87829cedfb6551b47976e17c7a7ffc27.html

SLE SDK 10 SP1 for IPF
91179d377ced614f3598655be7a4a0f9.html

SUSE Linux Enterprise Server 10 SP1
1476b8bb669abfd3d3276d5f27c20239.html
6c78f382a20b722ceb5c36cab3f83afe.html
87829cedfb6551b47976e17c7a7ffc27.html
91179d377ced614f3598655be7a4a0f9.html
a4e6d19f94707022b621550d1049f74e.html

SLE SDK 10 SP1
1476b8bb669abfd3d3276d5f27c20239.html
a4e6d19f94707022b621550d1049f74e.html

SUSE Linux Enterprise Desktop 10 SP1
1476b8bb669abfd3d3276d5f27c20239.html
a4e6d19f94707022b621550d1049f74e.html

SUSE Linux Enterprise Desktop 10 SP1 for x86
a4e6d19f94707022b621550d1049f74e.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
<security@suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with
the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command

md5sum <filename.rpm>

after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.

- SUSE runs two security mailing lists to which any interested party may
subscribe:

opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.

opensuse-security-announce@opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@opensuse.org>.

=====================================================================
SUSE's security contact is <security@suse.com> or
<security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQEVAwUBRuAaGHey5gA9JdPZAQI3Iwf/TsftHM94+5zAraPn39mms1eVlXHrUkiv
G2N8iz/aUaR5C0IF5lmTACCfsuGZWPJgvkH/bG/7QTW+VvKbZm9nwzzIDnQkPfiI
p+PUgg3eWNr+o4zEk2raEucw1YVA9h6t+3sBGeCrdrsZm7I+gkJDYQQ6cVZ7e3aO
szy4/IN4ziruVEKIZvY66HVtiB1YAHnz+GVQqiGhWaWha4QyAMBjPL+H+/bH9zSr
jfV7CbKkHzkzaApilVJfj7RvDm1wvvkG6p9vhnToKYXw5b8/QL6pbXcHpgz7NI6Q
LNKSssM2yI8chuhA/6GqN06ECk3s8amrN/uVIThKcSDAOB4JPqSVwg==
=dTnn
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org