-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                kernel
        Announcement ID:        SUSE-SA:2006:042
        Date:                   Wed, 26 Jul 2006 14:00:00 +0000
        Affected Products:      SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SUSE LINUX 9.1
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-0744, CVE-2006-1528, CVE-2006-1855
                                CVE-2006-1857, CVE-2006-1858, CVE-2006-1859
                                CVE-2006-1860, CVE-2006-2444, CVE-2006-2445
                                CVE-2006-2448, CVE-2006-2450, CVE-2006-2451
                                CVE-2006-2934, CVE-2006-2935, CVE-2006-3085
                                CVE-2006-3626

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             Various kernel security problems
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The Linux kernel has been updated to fix several security issues.

   This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1.

   For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9, and
   Open Enterprise Server products, the kernel update is still in testing
   and will be released within the next week.

   SUSE Linux Enterprise 8 and SUSE Linux Desktop 1 with Linux 2.4 based
   kernels are not affected by exploitable problems in their default
   configuration and will not be updated with this security update round.

   The SUSE Linux 10.1 kernel has been updated to the state of the SUSE
   Linux Enterprise 10 kernel and will continue to track it.
   The updated kernel enables convenient use of kernel module packages
   for NVIDIA and ATI drivers on SUSE Linux 10.1.
   Please see the HOWTOs on https://www.opensuse.org/ on how to add and use
   them. The update also includes a set of AppArmor and Kernel Module
   Package (KMP) updates.

   The following security issues have been fixed:
   - CVE-2006-0744: Always force IRET when the user could have changed
                    %RIP; this is now also fixed for the UML kernel.

   - CVE-2006-1859: A memory leak in __setlease in fs/locks.c allows
                    local attackers to cause a denial of service (memory
                    consumption) via unspecified actions related to an
                    "uninitialized return value," aka "slab leak."

   - CVE-2006-1860: lease_init in fs/locks.c allows local attackers to cause a
                    denial of service (fcntl_setlease lockup) via actions
                    that cause lease_init to free a lock that might not
                    have been allocated on the stack.

   - CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
                    via a Direct I/O transfer from the sg driver to memory
                    mapped (mmap) IO space.

   - CVE-2006-1855: It was possible to potentially crash the kernel by
                    using CPU timers and timing the termination of the
                    parent process.

   - CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
                    attackers to cause a crash or possibly execute arbitrary
                    code via a malformed HB-ACK chunk.

   - CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
                    (crash) and possibly execute arbitrary code via a chunk
                    length that is inconsistent with the actual length of
                    provided parameters.

   - CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
                    allows remote attackers to cause a denial of service
                    (crash) via unspecified remote attack vectors that cause
                    failures in snmp_trap_decode that trigger (1) frees of
                    random memory or (2) frees of previously-freed memory
                    (double-free) by snmp_trap_decode as well as its calling
                    function, as demonstrated via certain test cases of
                    the PROTOS SNMP test suite.

   - CVE-2006-2445: A race condition in run_posix_cpu_timers allows local
                    users to cause a denial of service (BUG_ON crash)
                    by causing one CPU to attach a timer to a process that
                    is exiting.

   - CVE-2006-2448: Due to missing validity checks of user space pointers
                    it was possible for local attackers to read any kernel
                    memory, potentially exposing sensitive data to the
                    attacker, or to crash the kernel.
                    This problem is PowerPC specific.

   - CVE-2006-3085: Fixed a remotely triggerable endless loop in SCTP netfilter
                    handling caused by 0 chunk length.

   - CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
                    a local attacker can easily gain administrator (root)
                    privileges.

   - CVE-2006-2934: When a SCTP packet without any chunks is received, the
                    newconntrack variable in sctp_packet contains an out of
                    bounds value that is used to look up a pointer from the
                    array of timeouts, which is then dereferenced, resulting
                    in a crash. Make sure at least a single chunk is present.

   - CVE-2006-2935: A stack based buffer overflow in CDROM / DVD handling was
                    fixed which could be used by a physical local attacker
                    to crash the kernel or execute code within kernel
                    context, depending on presence of automatic DVD handling
                    in the system.

   - CVE-2006-3626: A race condition allows local users to gain root
                    privileges by changing the file mode of /proc/self/
                    files in a way that causes those files (for instance
                    /proc/self/environ) to become setuid root.
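
   The SCTP length problems listed above (the zero chunk length of
   CVE-2006-3085, the chunk-less packet of CVE-2006-2934, and, at chunk
   rather than parameter level, the declared-versus-actual length mismatch
   of CVE-2006-1858) all come from walking a chunk list without validating
   the length field first. The following user-space C function is an added
   example, not code from this advisory or from the kernel; its name, error
   codes and sample packets are constructed for illustration, and the chunk
   layout follows RFC 4960.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCTP_COMMON_HDR_LEN 12u /* ports (2+2), verification tag (4), checksum (4) */
#define SCTP_CHUNK_HDR_LEN   4u /* type (1), flags (1), length (2, big-endian) */

/* Negative return values of sctp_count_chunks(). Names are illustrative. */
enum {
    SCTP_ERR_TRUNCATED_HEADER = -1, /* packet shorter than the common header  */
    SCTP_ERR_NO_CHUNKS        = -2, /* header only: the CVE-2006-2934 input   */
    SCTP_ERR_CHUNK_TOO_SHORT  = -3, /* length < 4, incl. 0: CVE-2006-3085     */
    SCTP_ERR_CHUNK_OVERRUN    = -4  /* length claims more bytes than received */
};

/*
 * Walk the chunk list of one SCTP packet and return the number of chunks,
 * or a negative error code. Every length is checked before it is used to
 * advance, so the walk always terminates and never reads past pkt + len.
 * The checksum is not verified here; only the framing is.
 */
int sctp_count_chunks(const uint8_t *pkt, size_t len)
{
    size_t off = SCTP_COMMON_HDR_LEN;
    int count = 0;

    if (pkt == NULL || len < SCTP_COMMON_HDR_LEN)
        return SCTP_ERR_TRUNCATED_HEADER;
    if (len == SCTP_COMMON_HDR_LEN)
        return SCTP_ERR_NO_CHUNKS;      /* callers must not index state by "last chunk" */

    while (off < len) {
        size_t remaining = len - off;
        size_t clen, padded;

        if (remaining < SCTP_CHUNK_HDR_LEN)
            return SCTP_ERR_CHUNK_OVERRUN;   /* trailing bytes cannot hold a header */

        clen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];

        /* The length field includes the 4-byte chunk header. A value of 0
         * would leave 'off' unchanged and loop forever. */
        if (clen < SCTP_CHUNK_HDR_LEN)
            return SCTP_ERR_CHUNK_TOO_SHORT;
        if (clen > remaining)
            return SCTP_ERR_CHUNK_OVERRUN;

        /* Chunks are padded to a 4-byte boundary; clamp in case the final
         * chunk's padding is missing from the buffer. */
        padded = (clen + 3u) & ~(size_t)3u;
        off += padded < remaining ? padded : remaining;
        count++;
    }
    return count;
}

/* Constructed sample packets (not captured traffic). Checksum left at 0. */
#define SAMPLE_HDR 0x0b,0x59, 0x0b,0x59, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00

static const uint8_t pkt_valid[] = {
    SAMPLE_HDR,
    0x0a,0x00,0x00,0x09, 0xc0,0xc1,0xc2,0xc3,0xc4, 0x00,0x00,0x00, /* len 9 + 3 pad */
    0x0b,0x00,0x00,0x04                                            /* len 4         */
};
static const uint8_t pkt_no_chunks[] = { SAMPLE_HDR };
static const uint8_t pkt_zero_len[]  = { SAMPLE_HDR, 0x0a,0x00,0x00,0x00 };
static const uint8_t pkt_overrun[]   = { SAMPLE_HDR, 0x0a,0x00,0x00,0x40,
                                         0x01,0x02,0x03,0x04 };

int main(void)
{
    printf("valid:     %d\n", sctp_count_chunks(pkt_valid, sizeof pkt_valid));
    printf("no chunks: %d\n", sctp_count_chunks(pkt_no_chunks, sizeof pkt_no_chunks));
    printf("zero len:  %d\n", sctp_count_chunks(pkt_zero_len, sizeof pkt_zero_len));
    printf("overrun:   %d\n", sctp_count_chunks(pkt_overrun, sizeof pkt_overrun));
    return 0;
}
```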

    The SUSE Linux 9.1 kernel update is the final SUSE Linux 9.1 YOU
    update (see separate announcement from some days ago).

2) Solution or Work-Around

   There is no known workaround; please install the update packages.

3) Special Instructions and Notes


     SPECIAL INSTALLATION INSTRUCTIONS
     ================================

     The following paragraphs guide you through the installation
     process in a step-by-step fashion. The character sequence "****"
     marks the beginning of a new paragraph. In some cases, the steps
     outlined in a particular paragraph may or may not be applicable
     to your situation. Therefore, make sure that you read through
     all of the steps below before attempting any of these
     procedures. All of the commands that need to be executed must be
     run as the superuser 'root'. Each step relies on the steps
     before it to complete successfully.


   **** Step 1: Determine the needed kernel type.

     Use the following command to determine which kind of kernel is
     installed on your system:

       rpm -qf --qf '%{name}\n' /boot/vmlinuz


   **** Step 2: Download the packages for your system.

     Download the kernel RPM package for your distribution with the
     name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
     modules that are not free were moved to a separate package with
     the suffix '-nongpl' in its name. Download that package as well
     if you rely on hardware that requires non-free drivers, such as
     some ISDN adapters. The list of all kernel RPM packages is
     appended below.

     The kernel-source package does not contain a binary kernel in
     bootable form. Instead, it contains the sources that correspond
     with the binary kernel RPM packages. This package is required to
     build third party add-on modules.


   **** Step 3: Verify authenticity of the packages.

     Verify the authenticity of the kernel RPM package using the
     methods as listed in Section 6 of this SUSE Security
     Announcement.


   **** Step 4: Installing your kernel rpm package.

     Install the rpm package that you have downloaded in Step 2 with
     the command

         rpm -Uhv 

     replacing  with the filename of the RPM package
     downloaded.

     Warning: After performing this step, your system may not boot
              unless the following steps have been followed
              completely.


   **** Step 5: Configuring and creating the initrd.

     The initrd is a RAM disk that is loaded into the memory of your
     system together with the kernel boot image by the boot loader.
     The kernel uses the content of this RAM disk to execute commands
     that must be run before the kernel can mount its root file
     system. The initrd is typically used to load hard disk
     controller drivers and file system modules. The variable
     INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
     modules are loaded in the initrd.

     After a new kernel rpm has been installed, the initrd must be
     recreated to include the updated kernel modules. Usually this
     happens automatically when installing the kernel rpm. If
     creating the initrd fails for some reason, manually run the
     command

       /sbin/mkinitrd


   **** Step 6: Update the boot loader, if necessary.

     Depending on your software configuration, you either have the
     LILO or GRUB boot loader installed and initialized on your
     system. Use the command

       grep LOADER_TYPE /etc/sysconfig/bootloader

     to find out which boot loader is configured.

     The GRUB boot loader does not require any further action after a
     new kernel has been installed. You may proceed to the next step
     if you are using GRUB.

     If you use the LILO boot loader, lilo must be run to
     reinitialize the boot sector of the hard disk. Usually this
     happens automatically when installing the kernel RPM. In case
     this step fails, run the command

       /sbin/lilo


     Warning: An improperly installed boot loader will render your
              system unbootable.


   **** Step 7: Reboot.

     If all of the steps above have been successfully completed on
     your system, the new kernel including the kernel modules and the
     initrd are ready to boot. The system needs to be rebooted for
     the changes to be active. Make sure that all steps have been
     completed then reboot using the command

       /sbin/shutdown -r now

     Your system will now shut down and restart with the new kernel.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv 

   to apply the update, replacing  with the filename of the
   downloaded RPM package.



   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify 

    replacing  with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made  using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team "

    where  is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig 

       to verify the signature of the package, replacing  with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build@suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum 

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security@suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.
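
    Method 2 above as a script, added here as an illustration and not part
    of the SUSE announcement: it takes checksums only from the clearsigned
    part of the saved announcement, so text appended after the signature
    block cannot vouch for a package. The function names and the file names
    are assumptions.

```shell
#!/bin/sh
# Added example (not from the announcement). Function and file names are
# assumptions chosen for illustration.

# Print only the text covered by the clearsign signature: the lines between
# the armor headers ("Hash: ...") and the start of the signature block.
signed_body() {
    awk '
        /^-----BEGIN PGP SIGNED MESSAGE-----$/ { inmsg = 1; hdr = 1; next }
        /^-----BEGIN PGP SIGNATURE-----$/      { inmsg = 0 }
        inmsg && hdr { if ($0 == "") hdr = 0; next }
        inmsg { print }
    ' "$1"
}

# List every 32-hex-digit token in the signed text, lower-cased, one per line.
listed_md5s() {
    signed_body "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9A-Fa-f]+$/ && length($i) == 32) print tolower($i)
    }'
}

# Return 0 only if the MD5 of FILE is one of the checksums in the signed text
# of ANNOUNCEMENT; 1 if it is not listed; 2 if FILE could not be hashed.
md5_is_listed() {
    ann=$1 file=$2
    sum=$(md5sum "$file" 2>/dev/null | awk '{ print $1 }')
    [ -n "$sum" ] || return 2
    listed_md5s "$ann" | grep -qxF "$sum"
}

# Full procedure: signature of the announcement first, then the package.
# gpg --verify exits 0 for a good signature from any key in the key ring, so
# also confirm that the reported key ID is 3D25D3D9 as stated above.
verify_download() {
    ann=$1 file=$2
    gpg --verify "$ann" || { echo "announcement signature not valid" >&2; return 1; }
    if md5_is_listed "$ann" "$file"; then
        echo "OK: $file matches a checksum in the signed announcement"
    else
        echo "FAIL: $file is not listed in the signed announcement" >&2
        return 1
    fi
}

# Self-check on constructed input: one checksum inside the signed text, one
# placed after the signature block. Returns 0 if only the first is accepted.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed package bytes\n' > "$dir/listed.rpm"
    printf 'different bytes\n' > "$dir/unlisted.rpm"
    good=$(md5sum "$dir/listed.rpm" | awk '{ print $1 }')
    other=$(md5sum "$dir/unlisted.rpm" | awk '{ print $1 }')
    printf '%s\n' \
        '-----BEGIN PGP SIGNED MESSAGE-----' \
        'Hash: SHA1' \
        '' \
        '   SUSE LINUX 10.1:' \
        "             $good" \
        '-----BEGIN PGP SIGNATURE-----' \
        '(constructed placeholder, not a real signature)' \
        '-----END PGP SIGNATURE-----' \
        "             $other" > "$dir/announcement.txt"
    rc=0
    md5_is_listed "$dir/announcement.txt" "$dir/listed.rpm" || rc=1
    if md5_is_listed "$dir/announcement.txt" "$dir/unlisted.rpm"; then rc=1; fi
    rm -rf "$dir"
    return $rc
}
```

    Call verify_download with the saved announcement and the downloaded
    package once the announcement key is in your key ring. MD5 no longer
    resists collisions, so rely on the rpm signature check (method 1) for
    authenticity and treat this as a transfer-integrity check.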

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    For general information or the frequently asked questions (FAQ),
    send mail to  or
    .

    ====================================================================
    SUSE's security contact is  or .
    The  public key is listed below.
    ====================================================================

SuSE: 2006-042: kernel security problems Security Update

July 26, 2006
The Linux kernel has been updated to fix several security issues

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                kernel
        Announcement ID:        SUSE-SA:2006:042
        Date:                   Wed, 26 Jul 2006 14:00:00 +0000
        Affected Products:      SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SUSE LINUX 9.1
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-0744, CVE-2006-1528, CVE-2006-1855
                                CVE-2006-1857, CVE-2006-1858, CVE-2006-1859
                                CVE-2006-1860, CVE-2006-2444, CVE-2006-2445
                                CVE-2006-2448, CVE-2006-2450, CVE-2006-2451
                                CVE-2006-2934, CVE-2006-2935, CVE-2006-3085
                                CVE-2006-3626

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             Various kernel security problems
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The Linux kernel has been updated to fix several security issues.

   This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1.

   For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9, Open
   Enterprise Server products the kernel update is still in testing and
   will be released within the next week.

   SUSE Linux Enterprise 8 and SUSE Linux Desktop 1 with Linux 2.4 based
   kernels are not affected by exploitable problems in their default
   configuration and will not be updated with this security update round.

   The SUSE Linux 10.1 kernel has been updated to state of the SUSE
   Linux Enterprise 10 kernel and will continue to track it.
   The updated kernel enables convenient use of kernel module packages
   for NVIDIA and ATI drivers on SUSE Linux 10.1.
   Please see the HOWTOs on https://www.opensuse.org/ on how to add and use
   them. The update also includes a set of AppArmor and Kernel Module
   Package (KMP) updates.

   Following security issues fixed:
   - CVE-2006-0744: When the user could have changed %RIP always force IRET,
                    now also fixed for the UML kernel.

   - CVE-2006-1859: A memory leak in __setlease in fs/locks.c allows
                    local attackers to cause a denial of service (memory
                    consumption) via unspecified actions related to an
                    "uninitialized return value," aka "slab leak."

   - CVE-2006-1860: lease_init in fs/locks.c allows local attackers to cause a
                    denial of service (fcntl_setlease lockup) via actions
                    that cause lease_init to free a lock that might not
                    have been allocated on the stack.

   - CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
                    via a Direct I/O transfer from the sg driver to memory
                    mapped (mmap) IO space.

   - CVE-2006-1855: It was possible to potentially crash the kernel by
                    using CPU timers and timing the termination of the
                    parent process.

   - CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
                    attackers to cause a crash or possibly execute arbitrary
                    code via a malformed HB-ACK chunk.

   - CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
                    (crash) and possibly execute arbitrary code via a chunk
                    length that is inconsistent with the actual length of
                    provided parameters.

   - CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
                    allows remote attackers to cause a denial of service
                    (crash) via unspecified remote attack vectors that cause
                    failures in snmp_trap_decode that trigger (1) frees of
                    random memory or (2) frees of previously-freed memory
                    (double-free) by snmp_trap_decode as well as its calling
                    function, as demonstrated via certain test cases of
                    the PROTOS SNMP test suite.

   - CVE-2006-2445: A race condition in run_posix_cpu_timers allows local
                    users to cause a denial of service (BUG_ON crash)
                    by causing one CPU to attach a timer to a process that
                    is exiting.

   - CVE-2006-2448: Due to missing checking of validity of user space pointers                    it was possible for local attackers to read any kernel
                    memory, potentially exposing sensitive data to the
                    attacker or crash the kernel.
                    This problem is PowerPC specific.

   - CVE-2006-3085: Fixed a remotely trigger able endless loop in SCTP netfilter
                    handling caused by 0 chunk length.

   - CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
                    a local attacker can easily gain administrator (root)
                    privileges.

   - CVE-2006-2934: When a SCTP packet without any chunks is received, the
                    newconntrack variable in sctp_packet contains an out of
                    bounds value that is used to look up an pointer from the
                    array of timeouts, which is then dereferenced, resulting
                    in a crash. Make sure at least a single chunk is present.

   - CVE-2006-2935: A stack based buffer overflow in CDROM / DVD handling was
                    fixed which could be used by a physical local attacker
                    to crash the kernel or execute code within kernel
                    context, depending on presence of automatic DVD handling
                    in the system.

   - CVE-2006-3626: A race condition allows local users to gain root
                    privileges by changing the file mode of /proc/self/
                    files in a way that causes those files (for instance
                    /proc/self/environ) to become setuid root.

    The SUSE Linux 9.1 kernel update is the final SUSE Linux 9.1 YOU
    update (see separate announcement from some days ago).

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes


     SPECIAL INSTALLATION INSTRUCTIONS
     ================================     The following paragraphs guide you through the installation
     process in a step-by-step fashion. The character sequence "****"
     marks the beginning of a new paragraph. In some cases, the steps
     outlined in a particular paragraph may or may not be applicable
     to your situation. Therefore, make sure that you read through
     all of the steps below before attempting any of these
     procedures. All of the commands that need to be executed must be
     run as the superuser 'root'. Each step relies on the steps
     before it to complete successfully.


   **** Step 1: Determine the needed kernel type.

     Use the following command to determine which kind of kernel is
     installed on your system:

       rpm -qf --qf '%{name}\n' /boot/vmlinuz


   **** Step 2: Download the packages for your system.

     Download the kernel RPM package for your distribution with the
     name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
     modules that are not free were moved to a separate package with
     the suffix '-nongpl' in its name. Download that package as well
     if you rely on hardware that requires non-free drivers, such as
     some ISDN adapters. The list of all kernel RPM packages is
     appended below.

     The kernel-source package does not contain a binary kernel in
     bootable form. Instead, it contains the sources that correspond
     with the binary kernel RPM packages. This package is required to
     build third party add-on modules.


   **** Step 3: Verify authenticity of the packages.

     Verify the authenticity of the kernel RPM package using the
     methods as listed in Section 6 of this SUSE Security
     Announcement.


   **** Step 4: Installing your kernel rpm package.

     Install the rpm package that you have downloaded in Step 2 with
     the command

         rpm -Uhv 

     replacing  with the filename of the RPM package
     downloaded.

     Warning: After performing this step, your system may not boot
              unless the following steps have been followed
   	     completely.


   **** Step 5: Configuring and creating the initrd.

     The initrd is a RAM disk that is loaded into the memory of your
     system together with the kernel boot image by the boot loader.
     The kernel uses the content of this RAM disk to execute commands
     that must be run before the kernel can mount its root file
     system. The initrd is typically used to load hard disk
     controller drivers and file system modules. The variable
     INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
     modules are loaded in the initrd.

     After a new kernel rpm has been installed, the initrd must be
     recreated to include the updated kernel modules. Usually this
     happens automatically when installing the kernel rpm. If
     creating the initrd fails for some reason, manually run the
     command

       /sbin/mkinitrd


   **** Step 6: Update the boot loader, if necessary.

     Depending on your software configuration, you either have the
     LILO or GRUB boot loader installed and initialized on your
     system. Use the command

       grep LOADER_TYPE /etc/sysconfig/bootloader

     to find out which boot loader is configured.

     The GRUB boot loader does not require any further action after a
     new kernel has been installed. You may proceed to the next step
     if you are using GRUB.

     If you use the LILO boot loader, lilo must be run to
     reinitialize the boot sector of the hard disk. Usually this
     happens automatically when installing the kernel RPM. In case
     this step fails, run the command

       /sbin/lilo


     Warning: An improperly installed boot loader will render your
              system unbootable.


   **** Step 7: Reboot.

     If all of the steps above have been successfully completed on
     your system, the new kernel including the kernel modules and the
     initrd are ready to boot. The system needs to be rebooted for
     the changes to be active. Make sure that all steps have been
     completed then reboot using the command

       /sbin/shutdown -r now

     Your system will now shut down and restart with the new kernel.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv 

   to apply the update, replacing  with the filename of the
   downloaded RPM package.


   x86 Platform:

   SUSE LINUX 10.1:
             9cd9a522ee1844e945b580697cf23ad9
             89d2201c3dbc746ec24cf4bd4cb44559
             72540e4f65fd2edf1782a75114fccb9f
             4cf153c5f2f544d0766a00fa83b3c8ef
             6bdf25dbf6a23a529fcb03a64b17cebf
             a844ad701dd378b34a4cadc0e4c22e6f
             dff4d32521e85e17d4f8ff6adca93949
             cef9a15763ee6932c53ee21473cd4997
             ba16f758468d56f1d7923db3b0904631
             2c43fb6f07d4bfe9b93870e5427c1895
             e7b20cfae135aa61d35b7a5b21c74330
             909215493b300108c63119ab9f096d79
             e113b1b042ae80eab80c23c4c28cf97f
             b69e5fc59ca5d0c240fd53fc98a5484a
             6c9bac44ad763009d4331401d3ac10ec
             3188da9046488df7bed609ffd7ce54fe
             bb3ef37bcb236e56be33e14e1e367983
             b9ecda8924b39c2ef58543daeb27f35f
             410388ef1c72ff622aa163a5c2d9df4c
             afb6655fed055160232e9e88da940b24
             23bab134a07330c207e7318843c82a79
             4797651065a56662beb54b0a6bc88b12
             77832a824919e683087693f24db509f6
             57aefc602afcb1d96e386a748c84077f
             641354f8153682d9657809ff3de2ceef
             32c3dd5b3aa99ba22851a5b8437c3198
             261b6e2cef8380c105f1175813b6652e
             2b0a21a904508d395e3fb6ae250bb97d
             bdb122fa51617514703c0e6655976ecb
             a7cd535abc7d7369df33218549a40641
             76afdaa38402761b7a4547d346128d12
             c02ef80cf6259e9c2e2367d906ddbce5
             7d2ae84459eb40f27eb27ccd17f40065
             bb548b149f045f71f0cc77cdeab3554e
             06f6819e6b542f818dfc1cf8b177d21c
             c03b63fe79c14b963c2ca952d741507b
             47dfc55b417521fc8f89719a26590b8b
             ce2c2a0c3d8f8de549f7f9e464b215c6
             0ebf3e42683ade314e2eb216ee11de72
             28f60804adcf7e5d19ec52b4d64de043
             67b4f753cc31f80de61e6c3b46511ad8
             fe279b89071ac503553a3ef9f7006ccb
             b051b17aaa7f5f3faddd7ae04e17b25b
             91e65fa9b282efc42f012b27f55db16c
             3f795b29fdf6a9bc66eb42c8686c7977
             d8dafe24a0f64529fa92a7f21acd88dd
             e5a0788af9f6f93be7592212fa4e1d4f
             188cdc73cf94c84cef6d9bfec587da9d
             9b8abac21a6ed044bdde306d27f97b03
             2865814e726de3c07e4a63433e2408ae
             d49abd0a6bd8319a6bf35665cb20e1f1
             38bbad45bd3915010d26dd7dbf07b570
             a20595f9f88f23363aea1e281a853bb9
             e266f1647fd1d9b3fe53782249aa8017
             21c7664b863b822b7e6fca494167dca7
             206c4c2c37edbe12a532d7df17992fe5
             74f8ee6ce6fb0ba4264027d82dedfed2
             684fe3618c802c5949c16c2e23490fa7
             aa274c0190792577dae5400fecad7642
             b37e5f6d1afff4d17236e781e908c4a2
             504aee4caf372688dd59254b4296a071
             826ef0e62b77ee7db3515c4f81d918fb
             ba37438f88bb172e407d6e4db00fab9a
             3976e689381649ba359466ba5f891322
             cb6ef7570da4621c6db5c23bbe9e382e
             99aa6db3390acb91b9c67ac251c2ffc3
             a56246ac270979f33de6dff3aa6b9d43
             afa731bcb72c96c2e3554518143a2941
             8479ea66ef737620144bfa24d5793005
             702881557801a075ae91c8662556181d
             fc4dfe6ba9c75dacbd9f4cf5f3b4dfbd
             82ace92edf245eceddd502b65632b4af
             26815c7856a9b3e2912bba2e10baac34
             be232e269a6067bd2d936f16e6c8a3a6
             c4c56fbf67434f5f2939dd4e85cf6108
             90fda039097bcb9dfea77c93321895e4
             73a5ffcaeea72c89632f6597113fa435
             749b7ec34a2cd0864cd296419bdafcd8
             a0eb6f7674520a01b151c490dc342dc7
             37a4e14ce1ec4965f26e1326d7241762
             5c9926a62a9e5096ce63349acbe89724
             d2410737db46df9bada726bfc2416a2c
             694c781f29dccaa1f26fcd58c79d4371
             01f91c7bd6eb1ca1edf5bee04ea2786a
             5a1adb87796cc4dc05dd38ff285e3408
             38786dc33bfa6f02d3aa1bf997d25398
             0b4cbdb97296ee00c6a67179f4b4efb7
             f139106bdfbc3e4faf1f4bad2a5f326b
             14ed4ae45d2d65ad5c78581940bb353a
             59d56377f67d382fa5adca980a21caa8
             2b7d4f9881b452a48abff40cf56241f4
             59363777b0f98db4f96722fc95752866
             0fa70e52865138e9644a24c036e3bda2
             ad5649957c67a8ecf5fae796fb7e40db
             e2c1e535725b5b24cd19c51a0e8dc8f4
             0cadd80f58357b3135825cba81785b56
             8387b6d495aa45270872f60aabc1c394
             f7b74bcb292788f9cc5c584a01a9a47b
             42a59aacc105356cfa1565cad548fd88
             d4c16bdda9973cec6f66b6cb6216e7d1
             042d4daa42d5941ed5efce7d10c72c25
             cd8d8148c21c5acb1739ba3467dfe119
             d4b664e27c6c8ec2eb4154d73b498171

   SUSE LINUX 10.0:
             f1a8ba80079b81685d9426f09b64bb99
             d2390ddccfaad103ae4d80fb59a73800
             f45d3b6f92c7e07be02ac7c45d6d2420
             d5ddb4d7c4e729712abd31c16d1d00fb
             5354e1fa6372548bb998eacbb438fc9d
             f358de08699bfbd90c2a96b63d04ebe9
             002fde4bfccb45b7b928f2d6cb175702
             8dcc7463d139b67f4058196077fd77bb
             82ef2c427e48d71d088bccdd3090051d
             4cada92e8b362a18a6cb2e7b9dad1867
             a5c1fb1d7ba62cb7d47e1ebc68b6043b
             e2e53924d3dd90ae1ed6fd6cf65e5a98
             cd9bad0b01cdad5dc70d4fbc82352af0
             d0af6de05ca9a572cf9ea25ba702867c

   SUSE LINUX 9.3:
             fb640315cdcf43f2ffd7f6f51828eccc
             474bcbd50739da47319f62ea9efac697
             f591a96ebe1788fa7503ed80b35f4b9b
             00c44c19362f6256a95496de93500524
             cc6aebefa35a4bca90cc22cf4522fe97
             00dfc63513b64f9aa6534ee0424a4d42
             cfab4802ff6cdb522494690a53166bbe
             a8b6221034411bf63093fa7c2b8e6ad4
             267669734dc0e95e2bdf96a4c9ce5321
             31d0831adab64bbf848433c2b0b68db8
             751dad14c0578d2522cad557ad00f13f
             32523934ffd726b303cd7650168262f2
             5155c42795497c07f27093677b011d2c
             23bb3edd5eccdbfdba9abcfb1c356a7c
             7e0d874eacfb71671ef2cce0287f8cb0
             7e561721fad94a6d744864bce5dd551e

   SUSE LINUX 9.2:
             bb0396417107d32fed4997d7a70b37f9
             bde42b68a6ed0eb3c3633ceb125f348c
             ef4c6540b77fa646649fdc473039a569
             740f4bb7cbb56cf55360bf4a1edf32fe
             19313402b487108c4ef883dfcb7aa03e
             4acac5fcacfb83abe2326c880a9ab94b
             d5649a51a381106a7733bfe093c71bc4
             0415a737781d2906b3d380ccf3946dc7
             5bf912e55bb0fb5aec445eafa0075784
             f56fe753c10797532e7239b9a68e97d6
             a2f9dbcacff96e556ff82cc716417ed5
             5a062eb816a7a4638f9261ba98767dd2
             9e31db031ba57f3af146a17d9597986f
             0f9837aa3de9897a5983af8726615339

   SUSE LINUX 9.1:
             ceba69d6952612d1cc2434b8da1cbf75
             1c1d3680df647755a922fbf8028b58b9
             217d25d2d474d4f7eb974d966fd4c926
             aabe3bb797ddaacc5f19b144d37b4be5
             d87358add6318890f66d0de62a2bcbea
             d8eadd159248361b0a9ee0e0cb3f4168

   Platform Independent:

   SUSE LINUX 10.1:
             8a183fb7f7b69af041e1f6f4a5b46d68
             827b675a6c216ec32902183c79433479
             f6ae693557732b8f27eba4dfde4a9eb4
             acb673a77bfe60d6d036e60f5b19764b
             83c76ee5e56846ec7545d5fe0bf25098

   SUSE LINUX 9.3:
             1ebb82bcf1316493ca8b4355db932d0b

   SUSE LINUX 9.2:
             e7d6caf8cb9c23119d181b98efaf7ba7

   SUSE LINUX 9.1:
             ece4fe625855902c637abe9f1252f6d4
             556b8059e67605daa9d789907db10778

   Power PC Platform:

   SUSE LINUX 10.1:
             f630cd2887055b6442706a229bd79f34
             8aa6cc2de24e4bb4d4c74307986ca354
             f7e3b65e5754df2c7e3f81387f4dfce5
             5c6861388a938b80c266a1932fac85d0
             ac3295455812a021ad5f239ab56287cb
             8dd405813e14d317831dc5b6a657d55d
             c59982049da9a11ebf26e3ac477442ab
             fdcc271b40cfc14985951fb94154c0ef
             16e8bf1e04d4574ea116fd8a9617c5ed
             0e648065b5442763404396603e1c2782
             a7dcee57666e9ca61d4dea5b4953655b
             e37ef749e89e0785dee5cb0bb1efa740
             1623a8a97419a2272027aa166430860a
             76c9fdf080d3697ba2b97a18b3c031f8
             181a7668969c02dd217f77f795f88214
             216d42cb7f22a423bb62b1af3124ca5a
             2442412bc80a1301b3cf4a8e491e1a1d
             583928fdc71ae4a8790bc1d04be092d0
             0c617c35763488383d31e09776981ffc
             b64cd82811dc7d7f279b87e5dbc51276
             70ca7ada636755d8ba1d159d38cfb98c
             0df9787c0d34cdde227e76218accbafb
             8b19b4b4d10841fc0edcfad8bead5321
             108d8f2c2b660bfd805ef76820a8a835
             0dab492bad5d5815c678df2987ebae62
             61cd65508674e71fe619bec2fb9026f3
             4571532a54b7e221448b324ca994e4d1
             079bb0db9f9396f5daf64cb00246bbd1
             835067ccf55f42ed34cff08e9b6ffce4
             3bd1bb0e1150dc95f94858e956f4dc22
             068e5337926200f980be3dcb67c2eb98

   SUSE LINUX 10.0:
             8351be43b5c3896df83c63ba65cfeb5a
             7747fa43d835b3320b3a3fa54f235013
             18c443c60f7829c88bd821fb865046ac
             06cf812b56183eb5156e344db7fe310c
             2f44c721c158dd9f56a497223b54431d

   x86-64 Platform:

   SUSE LINUX 10.1:
             060873e93856d7954d33812f2cb26c13
             a3149bc43d13af6a808efce907f11b53
             48d28c73627c036e60fbcba5daa889ff
             dee93d43a783ebf6ca16202a1382118f
             dc2bb193b8f30b6d3444aa9371826d23
             df81804f31015ce6baf0eec3354a75b9
             a9f20351762bccc74ebc1df2d5b5adf4
             1013121fc139ace267bb33f3b10e114d
             44025e09c1571e735f82d4d60e71fc0b
             3331bff87496d9e9afa1fb83919b1111
             2b85c2e78d4ecb2e0e21f7908c7257f6
             bd3e07b7356c64b541be792c97868d19
             35ee253010ade83dc595c8a27f308335
             d845a7df15fdb571df85b31e6a667005
             a3f8918d10b82a61042f3044a695e877
             82f20f84b58d676999e5e909336c66b7
             c5584a0cbbc8d0fef477afe195dcf277
             fe4d8f6e1297c41dd04b1dc6473d47c1
             1a03723657be633a35162e31940ae647
             66875b4b65f2e48df27491a2d0d93de9
             0e8f15d78033b73a96440736820e5cbb
             d237873002ea1a5501f3b61f76b6903c
             f44e5a424121b256b3c1287997ba4061
             170baeb8f839651598ddbcbf93aa4670
             d32a01850aebf660e1a740c2f9b9927a
             8002fc7b644f2c64c258400f29050e5d
             9c7549f01707a434c0247f73eb9b0152
             9ecef38e308f2e4ef644e832fee15a8b
             121b57cabdcb74e90f3992ad2a7843c8
             84ef08317d3bcf6552ec57a0487349e0
             64898d1f8f8e98ab43f2d52a10bd3a52
             49bee58e184fe82330f0b9c1720a97f4
             e01336dc8e630ffa76918c4e487dba9f
             fe54b39f60d50c48f25d9e756212991e
             2906ea2b8c781eda354a83bcd668ea10
             16ee21b17dcd1e5c3db212d9b9f281ba
             59f733077e5cf2d208802599111778b1
             6bce5050ab3d11597c129b2a86a22599
             b033fe6ec282491fc8227718a2ccddb3
             e0a234ff6261e1b3d28afcfb1b09cb52
             e262ada6e83e80b394f84deb18d367c7
             1ba9eece36909166f129f3a05c5b0a34
             0c61295b0a053475f6a31619f761d67d
             28c2c42e81b473b533800c26fb161db8
             b490a216fad445f0499dabb64307de75
             f72df7eddb5a3f417878e5680fab5cd1
             c51104356caeb53cd189079bfc8f7bb4
             5487af5844e98b6a3d51394671d19fd5
             5547a66c2172a1e37cf83352a2971bf7
             fbd677b5ef2747de9f038efb55ff5162
             01f40956b13ece3ffac89484d99784f1
             149b04dbd960e9c853578c5357ce142d
             3356f6a1d58c98344b354fc556a7ed32
             3fcf84553e3039c1ad1659681fa59c4f
             c9c8d7587bd5922fb0d87d066f402d72
             dffd5eab1d7e201b8802b96bd5b39030
             8f08be21026a337d1331288d0ed33192
             9e9806f40e6ab9961543306d1ee236cf
             7ef2bf1b781916f5a778804380ad921b
             04e9674d20bbbf8785b5cfcc2131e7da
             a0b1277b24d9c2c0a46557bb6f4e4473
             b5eb3c8eb334d8f09bce0ec67d9e9ca7
             9955c0c24e174ec83f46ce52e76ab98e
             523ccc5bee4cfdbb9b1b7080f9a05649
             08159c0dd7ea459396d5de547e75d7f0
             b2499ba0ba2367da270f690b75ee40c8
             45d781cffb80f6d8bd5d58be522aa2f4
             7ad169812c058a21be7b49fd86fd9237
             f9c0361874d265be3e6e2e8ef66ae635

   SUSE LINUX 10.0:
             b85489f0ad8cc9bbb5728c64e7c8fc2f
             4e132e7adbada352e112c64a3c9f2408
             087fea22e9d90ef98337c30f55318db3
             e6f47d4bd1fda55cabf5a59b62c2e183
             0a6f8350214710e2f600ac204eb1a0a5
             5fff86f3834368fa34c5e32855f44d0c
             f87081d87e0f9c7d3ba627309107bddf
             b8d9b58c238d533550ccce278dad30f0

   SUSE LINUX 9.3:
             43f6fb67727c88b0f4aeda733120ac84
             bf333ee5088cc7f5a4888530557fb719
             be4142bb00d29a20b18159add573fc74
             8c47ed2a4949b3e9aaa046830472b2ef
             1d373c25c0590d223f17e1d9feba1f6c
             f21817e9293fc603914958b0eed983ca

   SUSE LINUX 9.2:
             c4d600c67fa16520e30e4f306c2f174c
             1e5a69fdd455ba1c9317b5386b4f887d
             37a138694706fdd8229d51f75256ca74
             9ede22ac6b4119995d4c8ea6329f2851
             9c28c19a989ad975e26c3c4210ab93df
             ef6477f4e8d9386e8c14e5f33cab6e15

   SUSE LINUX 9.1:
             a1ec9ed29e7b844639fb264c0c051f79
             9c18e347968bc60d4e32b67557c1830b
             205bd72a791fd24589330c152f73d18b
             63ada2081021bc1307c6153ccd043b87

   Sources:

   SUSE LINUX 10.1:
             43095bf3f55a08d8064a021d6aaa1db7
             abe9f0dc42be1ce5c7590f357d9d134b
             7fe00c347fec96fef49bf0463b209210
             c6b49655962246afcc288c2df8eed31f
             5257e473bc5e8a6f7c4dccd5e6a9ae55
             cf3d5c02a37d737c0178c72ea84ee203
             f7c33143e57fb99cf0b392096d9f7d44
             9359a72d2f9016a61beb36f6b2f0fa28
             4a26cacb10c6dbf2706fadc4b83535e4
             235efd96d5f7c6ccfc9a398cc8d27108
             40dc372c825056205aa0c1cc1de2473b
             ed77128c1b3433a22c12cb78491d9353
             d322ff866d8534ad3bc53e6dabc3443d
             a4aeb424592289ef78edcdd6cd1449db
             9173110fbf71bfb007b9a560e3a9bad6
             02cdf335631f2da95056cba8eda0f165
             1324aec2bfd8c3530e8f90088cc25c81
             1250728306b9b3253ae82afedf0f1e4a
             f193f3d82e8b0aa15d7ab13a081a7cf2
             3374197c18ba7324995f433a939fbe54
             ddf61f16d38e997d85fd04fdf64eaa02
             261e2516378e1e6596f9ad767a0594bc
             852e15549b54733414a667631052840b
             330f5f4e04d9448b023301d3ff332305
             9adfc5f7c109b6c7f206d2765b99f1ec
             279b8397e1cd4fd829b12f09018f46cc

   SUSE LINUX 10.0:
             4b3fb42d44b1cf10ab6d4ede6bb67fa0
             e05d21d1ad9f1c3ea3268dde157fe13b
             f10fad044c2193fa6261096b223db611
             3190b4017784a56bb412971d6ed06a1f
             bcfbd7b1edbc5a97d9fda3f540d0be9d
             b590965d0190dfe933b8e3572a190706
             00a4a6bcab31204089ec8464b070ecf9
             790f0f0352d0f3cceb730a4e06f1951f
             0c017619952331561adfbed8399d7aff
             c2ed71e73606a5330f55870b8f1d7d38
             9fcc6eb7846ddd324f4c88a9f1a99eea

   SUSE LINUX 9.3:
             e84f71edcbbad93da19fca50936e457f
             c2d704c30248e369c1256c9cbda9c792
             a83446d1d83069403cf167da49f7e4ac
             515752e1ce2951bf3338664c6db1e93f
             2227766974f9d279173ff67adac2846a
             a7eb9d1dde2fbf036057c3eea7da228f
             bd62cf4acca249292569a439d1b95a08
             7f5d2e691cf0e2373b85895e7518a1ff
             f637f470f98d0c2ed239dae6d57461b8
             a070d16b8d8f48d7df10f4a2a7553746
             a4df9d5558c21e322565bb837443b249

   SUSE LINUX 9.2:
             df33c271d1a488f4b546947c9100e856
             4baaed24bac712a743c68e6da5328bbd
             a12e6479c058a95c5c057359df1f87ac
             d49b746c707e82b7552e09ca752b012c
             2e4370a418fb2cd663e19f1b5722e8d2
             ddb880da28744d6906698a6d71772b9a
             be826c69b6a717786bc4a42d4558d666
             73f298756b8c260db19f66045702de42
             929a46b7e2e7045c182909134c90f764
             933712007872a733e4f8f2f7a2d6040f

   SUSE LINUX 9.1:
             86501653c20812d977ea23f47af5c9d3
             6fc2656d5c81821db987ccfa26ad51ea
             8541534925706aa2063d874f14a365a6
             c9a6e3ee6a98005ecd4710a8b0bc8c4e
             523fd5b4a12c8c666818ea94e9e699e3
             660abce3f8e14427bbaf17e3fa01d115
             d259fef3b0115765990fb4e58cee0e40
             77411e0e5b44ae7ca78bc0e9ed77e646
             da439bf54800360273231d0a62e00f72
             862a7fafdee7df50a02aceac09f86017
             61a48f3900f2c1d2fd389dff0566225d
             cd0906f0fc78df823b65df1b6de63944

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify 

    replacing  with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made  using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team "

    where  is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build@suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security@suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.
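
    Added example (not part of the SUSE announcement or SUSE's tooling): a
    shell script for method 2 that looks up checksums only in the text covered
    by a good signature from key ID 3D25D3D9. It assumes each package URL line
    is directly followed by its MD5 sum line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling. Function names are hypothetical.
# Assumption: every package URL line in the announcement is directly followed
# by a line holding that package's 32-hex-digit MD5 sum.
KEYID=3D25D3D9   # announcement signing key ID as given in the text above

# Print the text covered by the signature, but only for a good signature from
# KEYID. Lines pasted outside the PGP armor never reach the checksum lookup.
signed_body() {   # $1 = saved announcement
    body=$(mktemp) && status=$(mktemp) || return 1
    rc=1
    if gpg --batch --status-fd 3 --decrypt "$1" >"$body" 3>"$status" 2>/dev/null &&
       grep -Eq "^\[GNUPG:\] GOODSIG [0-9A-F]*$KEYID " "$status"; then
        cat "$body"; rc=0
    fi
    rm -f "$body" "$status"
    return "$rc"
}

# Read announcement text on stdin; print the MD5 sum listed for package $1.
expected_md5() {
    awk -F/ -v pkg="$1" '
        { gsub(/[ \t\r]/, "") }          # drop indentation and stray CRs
        hit { if (length($0) == 32 && $0 ~ /^[0-9a-f]+$/) print; exit }
        NF > 1 && $NF == pkg { hit = 1 } # URL whose last component is pkg
    '
}

# Succeed only if the RPM's MD5 sum equals the one in the verified text.
check_package() {   # $1 = verified announcement text, $2 = downloaded RPM
    want=$(expected_md5 "$(basename "$2")" <"$1")
    [ -n "$want" ] || { echo "no checksum listed for $2" >&2; return 2; }
    have=$(md5sum "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

# Usage: sh check-announcement.sh <saved-announcement> <package.rpm>
if [ "$#" -eq 2 ]; then
    text=$(mktemp) || exit 1
    if signed_body "$1" >"$text" && check_package "$text" "$2"; then
        echo "OK: $2 matches the signed announcement"; rc=0
    else
        echo "FAILED: $2 not verified" >&2; rc=1
    fi
    rm -f "$text"
    exit "$rc"
fi
```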

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    For general information or the frequently asked questions (FAQ),
    send mail to  or
    .

    ====================================================================
    SUSE's security contact is  or .
    The  public key is listed below.
    ====================================================================
