-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: kernel < 2.2.16
Date: Tue Jun 27 13:31:38 MEST 2000
Affected SuSE versions: 6.1-6.4
Vulnerability Type: local compromise of setuid applications
SuSE default package: yes
______________________________________________________________________________
A security hole was discovered in the package mentioned above.
Please update it as soon as possible or disable the service if you are using
this software on your SuSE Linux installation(s).
Other Linux distributions or operating systems might be affected as
well, please contact your vendor for information about this issue.
Please note that we provide this information on an "as-is" basis only.
There is no warranty whatsoever and no liability for any direct, indirect or
incidental damage arising from this information or the installation of
the update package.
_____________________________________________________________________________
1. Problem Description
The implementation of the capability feature of the kernel 2.2.x < 2.2.16
is faulty.
2. Impact
This bug allows an local adversary to exploit certain setuid
applications to increase his/her privileges.
3. Solution
We are sorry about the late release of the new kernel, but the plain
2.2.16 kernel causes trouble with our patches and it also has a new
security hole. After we solved all these problems, we hope,
we could provide you with a more stable and more secure kernel.
Please, update the package from our FTP server.
(These RPMs could also be used by SuSE Releases < 6.4!)
The Alpha kernel will be released within the next days. The PPC kernel
could be build from lx_suse.rpm
_____________________________________________________________________________
Please verify these md5 checksums of the updates before installing:
i386 Kernel Images:
c089568d3d6a9f0826146f9204a37888 ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/k_deflt.rpm
f454d629ccdf49e98fe759448ac1d34b ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/k_eide.rpm
0c7111d249482920bb4a14a59ea1dbc2 ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/k_i386.rpm
Laptop Kernel Images:
3faa2d00ab77ce0c336fc8fa9d4dee11 ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/k_laptop.rpm
SMP Kernel Images:
45b9cd13f61e1cf0b82b8b2d847650c9 ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/k_smp.rpm
SuSE Kernel Source Code:
41bde34659d93214af2cf5da6e7e2896 ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/lx_suse.rpm
PPC Patches:
b9c8008eec0922a06c95be7c76f4da8e ftp.suse.com/pub/suse/i386/update/6.4/kernel-2.2.16/patch_collection.tar.gz
______________________________________________________________________________
Try the following web pages for a list of mirrors:
http://www.suse.de/ftp.html
http://www.suse.com/ftp_new.html
Our webpage for patches:
http://www.suse.de/patches/index.html
Our webpage for security announcements:
http://www.suse.de/security
If you want to report vulnerabilities, please contact
security@suse.de
______________________________________________________________________________
SuSE has got two free security mailing list services to which any
interested party may subscribe:
suse-security@suse.com - moderated and for general/linux/SuSE
security discussions. All SuSE security
announcements are sent to this list.
suse-security-announce@suse.com - SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent
to this list.
To subscribe to the list, send a message to:
We are sorry about the late release of the new kernel, but the plain 2.2.16 kernel causes trouble with our patches and it also has a new security hole. After we solved all these problems, we hope, we could provide you with a more stable and more secure kernel. Which new security holes are this? I am always using fresh kernel.org kernels, so I'd like to know about those other holes.
thank you! Markus Gaugusch -- _____________________________ Markus Gaugusch ICQ 11374583 markus@gaugusch.dhs.org
Hi, after updating the new kernel (using k_deflt) on my 6.4 system the ethernet card is not recognized anymore: Setup Network device eth0 SIOCIFADDR: No such device SIOCIFBRDADDR: No such device SIOCIFMASK: No such device It's a 3COM 3c905C, and it worked perfectly with the last SuSE-Version of k_deflt.2.2.14 The entry in /etc/modules.conf hasn't changed. Has anyone an idea what could have gone wrong? And how I could get my card back to work? Thx, Frank -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
On Wed, 28 Jun 2000, Frank Steiner wrote:
after updating the new kernel (using k_deflt) on my 6.4 system the ethernet card is not recognized anymore: [...] It's a 3COM 3c905C, and it worked perfectly with the last SuSE-Version of k_deflt.2.2.14 The entry in /etc/modules.conf hasn't changed.
I had the same problem. This is a fault in the 1.0.0i version of 3Coms 3c90x driver. SuSEs 2.2.14 kernel had version 1.0.0 (sans i). In the meantime I switched to using Don Beckers old 3c59x. The menuconfig option is "3c590 (Boomerang)" or so... If you're using modules only, change the "alias eth0 3c90x" to "3c59x". Cheers Robert P.S. the 1.0.0i is identical with the latest version from 3Coms site, so it's their fault (so to speak) or SuSEs for not checking... -- Robert Casties --------------------- http://philoscience.unibe.ch/~casties History & Philosophy of Science Tel: +41/31/631-8505 Room: 216 Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
On Wed, Jun 28, 2000 at 13:24 +0200, Robert Casties wrote:
On Wed, 28 Jun 2000, Frank Steiner wrote:
after updating the new kernel (using k_deflt) on my 6.4 system the ethernet card is not recognized anymore: [...] It's a 3COM 3c905C, and it worked perfectly with the last SuSE-Version of k_deflt.2.2.14 The entry in /etc/modules.conf hasn't changed.
I had the same problem. This is a fault in the 1.0.0i version of 3Coms 3c90x driver. SuSEs 2.2.14 kernel had version 1.0.0 (sans i).
In the meantime I switched to using Don Beckers old 3c59x. The menuconfig option is "3c590 (Boomerang)" or so...
Does this driver work with the above mentioned card? IIRC I had to update driver 1.0.0c to 1.0.0d before it's not just recognized but useful since functional (the diffs told me timing constraints were relaxed with delay loops, and before the update I even got "Eprom checksum errors" and defective MAC addresses at recognition time). Note the C in the above 905C, the chip is labeled in a way that one could be tempted to call it "920something". virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
On Wed, 28 Jun 2000, Gerhard Sittig wrote:
In the meantime I switched to using Don Beckers old 3c59x. The menuconfig option is "3c590 (Boomerang)" or so...
Does this driver work with the above mentioned card? IIRC I had to update driver 1.0.0c to 1.0.0d before it's not just recognized
I can't tell for shure. The version numbering for 3c59x is different from 3c90x anyway. Mine says: 3c59x.c:v0.99H 12Jun00 Donald Becker and others http://www.scyld.com/network/vortex.html eth0: 3Com 3c905B Cyclone 100baseTx at 0xb000, 00:50:04:10:9d:29, IRQ 12 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface. MII transceiver found at address 24, status 786d. MII transceiver found at address 0, status 786d. Enabling bus-master transmits and whole-frame receives. So I think I have a 905B card and I can't say whether there's problems with 905C cards. Give it a try or look around Don Beckers pages...
but useful since functional (the diffs told me timing constraints were relaxed with delay loops, and before the update I even got "Eprom checksum errors" and defective MAC addresses at recognition time). Note the C in the above 905C, the chip is labeled in a way that one could be tempted to call it "920something".
I had a look at the diffs of 3Coms 3c90x between 1.0.0 and 1.0.0i and it looked rather large so you might not want to downgrade. Still the 3c59x is a different breed of drivers. Cheers Robert -- Robert Casties --------------------- http://philoscience.unibe.ch/~casties History & Philosophy of Science Tel: +41/31/631-8505 Room: 216 Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
Robert Casties wrote:
On Wed, 28 Jun 2000, Gerhard Sittig wrote:
In the meantime I switched to using Don Beckers old 3c59x. The menuconfig option is "3c590 (Boomerang)" or so...
Does this driver work with the above mentioned card? IIRC I had to update driver 1.0.0c to 1.0.0d before it's not just recognized
I can't tell for shure. The version numbering for 3c59x is different from 3c90x anyway. Mine says:
3c59x.c:v0.99H 12Jun00 Donald Becker and others http://www.scyld.com/network/vortex.html eth0: 3Com 3c905B Cyclone 100baseTx at 0xb000, 00:50:04:10:9d:29, IRQ 12 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface. MII transceiver found at address 24, status 786d. MII transceiver found at address 0, status 786d. Enabling bus-master transmits and whole-frame receives.
So I think I have a 905B card and I can't say whether there's problems with 905C cards. Give it a try or look around Don Beckers pages...
905C works fine, too! Best, Frank -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/ * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
On Mit, 28 Jun 2000, Robert Casties wrote:
It's a 3COM 3c905C, and it worked perfectly with the last SuSE-Version of k_deflt.2.2.14 The entry in /etc/modules.conf hasn't changed.
I had the same problem. This is a fault in the 1.0.0i version of 3Coms 3c90x driver. SuSEs 2.2.14 kernel had version 1.0.0 (sans i).
In the meantime I switched to using Don Beckers old 3c59x. The menuconfig option is "3c590 (Boomerang)" or so...
P.S. the 1.0.0i is identical with the latest version from 3Coms site, so it's their fault (so to speak) or SuSEs for not checking...
I would like to see better Support from SuSE, cause in the past i had a lot of problems with packages from SuSE with incompatility in drivers and/or software (raid, 3com, smp, vortex-icp, ..., etc). Most of those Problems i didnt see in Debian GNU/Linux - just for example. Maybe SuSE starts sometime to fix this, and let us download k_*.rpm's from the FTP-Server in an faster period than the box-updates ;) Greetings, Joerg Henner. -- LinuxHaus Stuttgart | Tel.: +49 (7 11) 2 85 19 05 Jörg Henner & Adrian Reyer, Datentechnik GbR | D2: +49 (1 72) 7 35 31 09 | Fax: +49 (7 11) 5 78 06 92 Linux, Netzwerke, Webhosting & Support | http://lihas.de
On Tue, Jun 27, 2000 at 06:42:22PM +0200, Thomas Biege wrote:
3. Solution
We are sorry about the late release of the new kernel, but the plain 2.2.16 kernel causes trouble with our patches and it also has a new security hole. After we solved all these problems, we hope, we could provide you with a more stable and more secure kernel.
Please, update the package from our FTP server. (These RPMs could also be used by SuSE Releases < 6.4!)
Will there also be a version available, that will not crash the X-server with Jun 30 23:05:41 lutzpc kernel: VM: do_try_to_free_pages failed for kswapd... Jun 30 23:05:46 lutzpc kernel: VM: do_try_to_free_pages failed for X... Jun 30 23:05:46 lutzpc kernel: VM: terminating process X when trying to invoke Netscape on my 64MB Ram machine at home? Back to 2.2.14 and I better do not upgrade the zillion machines in the institute.. Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On Fri, 30 Jun 2000, Lutz Jaenicke wrote:
On Tue, Jun 27, 2000 at 06:42:22PM +0200, Thomas Biege wrote:
3. Solution
We are sorry about the late release of the new kernel, but the plain 2.2.16 kernel causes trouble with our patches and it also has a new security hole. After we solved all these problems, we hope, we could provide you with a more stable and more secure kernel.
Please, update the package from our FTP server. (These RPMs could also be used by SuSE Releases < 6.4!)
Will there also be a version available, that will not crash the X-server with Jun 30 23:05:41 lutzpc kernel: VM: do_try_to_free_pages failed for kswapd... Jun 30 23:05:46 lutzpc kernel: VM: do_try_to_free_pages failed for X... Jun 30 23:05:46 lutzpc kernel: VM: terminating process X when trying to invoke Netscape on my 64MB Ram machine at home? Back to 2.2.14 and I better do not upgrade the zillion machines in the institute..
We currently test a new kernel, which fix' this VM bug. If you don't want to upgrade your kernel but fix the capability bug, then try this (http://c.home.cern.ch/c/cons/www/capcheck/) kernel modules. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
On Sat, Jul 01, 2000 at 12:58:23PM +0200, Thomas Biege wrote:
We currently test a new kernel, which fix' this VM bug.
If you don't want to upgrade your kernel but fix the capability bug, then try this (http://c.home.cern.ch/c/cons/www/capcheck/) kernel modules.
I am not a version junky, so I actually don't care about the version number. 2.2.14 did its job, whether I run a modified 2.2.14 or 2.2.16 will depend on release dates. Sometime next week I'll have to take care of the possible security risks involved and I will use what is there at that time :-) Thanks a lot for your fast response, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Thomas Biege wrote:
On Fri, 30 Jun 2000, Lutz Jaenicke wrote:
On Tue, Jun 27, 2000 at 06:42:22PM +0200, Thomas Biege wrote:
3. Solution
We are sorry about the late release of the new kernel, but the plain 2.2.16 kernel causes trouble with our patches and it also has a new security hole. After we solved all these problems, we hope, we could provide you with a more stable and more secure kernel.
Please, update the package from our FTP server. (These RPMs could also be used by SuSE Releases < 6.4!)
Will there also be a version available, that will not crash the X-server with Jun 30 23:05:41 lutzpc kernel: VM: do_try_to_free_pages failed for kswapd... Jun 30 23:05:46 lutzpc kernel: VM: do_try_to_free_pages failed for X... Jun 30 23:05:46 lutzpc kernel: VM: terminating process X when trying to invoke Netscape on my 64MB Ram machine at home? Back to 2.2.14 and I better do not upgrade the zillion machines in the institute..
We currently test a new kernel, which fix' this VM bug.
If you don't want to upgrade your kernel but fix the capability bug, then try this (http://c.home.cern.ch/c/cons/www/capcheck/) kernel modules.
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi, maybe some kind of process murderer was still aware in kernel 2.2.13.SuSE. Some time ago, I was trying to run several memory consuming processes in parallel at my pc. Linux began to swap out some memory, and then VM killed named. Jun 18 02:48:23 alberich kernel: VM: killing process named In case a bug like this one is still kown for kernel 2.2.13, delete this message and excuse me being out of date. Bye, Christian
Hi, On Fri, Jun 30, Lutz Jaenicke wrote:
Will there also be a version available, that will not crash the X-server with Jun 30 23:05:41 lutzpc kernel: VM: do_try_to_free_pages failed for kswapd... Jun 30 23:05:46 lutzpc kernel: VM: do_try_to_free_pages failed for X... Jun 30 23:05:46 lutzpc kernel: VM: terminating process X when trying to invoke Netscape on my 64MB Ram machine at home?
Yes of course. We´re currently testing the kernel that can also be found at ftp.suse.com:/pub/people/mantel/linux-2.2.16.SuSE.tgz. I can also send you a patch that fixes the problem with innocent processes getting killed (btw. most of the pre17 kernels also had this problem).
Back to 2.2.14 and I better do not upgrade the zillion machines in the institute..
The funny thing is: We even test our kernels on some of our internal servers that are under quite some load. And according to Murphy this very problem didn´t occur on any of them. In fact, three servers here still run the buggy kernel. But not for very long any more ;)
Best regards, Lutz -o) Hubert Mantel Goodbye, dots... /\\ _\_v
On Sat, Jul 01, 2000 at 03:11:17PM +0200, Hubert Mantel wrote:
Back to 2.2.14 and I better do not upgrade the zillion machines in the institute..
The funny thing is: We even test our kernels on some of our internal servers that are under quite some load. And according to Murphy this very problem didn´t occur on any of them. In fact, three servers here still run the buggy kernel. But not for very long any more ;)
I understand that the release of 2.2.16 was for a reason and under unwanted time pressure. I am using SuSE on quite a number of machines for several years now and this is the first time I ever actually had a severe problem like this :-) Best regards, Lutz PS. I do install things at home first and test them a bit before upgrading or installing on the PCs and servers at the university. -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Hubert Mantel wrote:
Yes of course. We´re currently testing the kernel that can also be found
Talking about the new kernel... Will there be also a fix for the 3Com905 driver? Actually it seems that the error is not in the new driver 1.0.0i alone, because I recompiled the old driver 1.0.0 from the 2.2.14 kernel against the 2.2.16 kernel, but still it doesn't work. As using the 3c59-drivers fills the log files with hundreds of message like Jul 3 11:17:49 listrac kernel: eth0: Tx Ring full, refusing to send buffer. it would be nice to switch back to the correct driver :-) Best, Frank -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/ * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
Hi, On Mon, Jul 03, Frank Steiner wrote:
Yes of course. We´re currently testing the kernel that can also be found
Talking about the new kernel... Will there be also a fix for the 3Com905 driver? Actually it seems that the error is not in the new
I hope so. You have a 3c905C, right? We tested on 905B and 980TX and could not find any problem. It seems only 3c905C has the problem. Andi will buy such a card tomorrow and will try to fix it.
driver 1.0.0i alone, because I recompiled the old driver 1.0.0 from the 2.2.14 kernel against the 2.2.16 kernel, but still it doesn't work. As using the 3c59-drivers fills the log files with hundreds of message like
Jul 3 11:17:49 listrac kernel: eth0: Tx Ring full, refusing to send buffer.
it would be nice to switch back to the correct driver :-)
Best, Frank -o) Hubert Mantel Goodbye, dots... /\\ _\_v
On Mon, 3 Jul 2000, Hubert Mantel wrote:
Talking about the new kernel... Will there be also a fix for the 3Com905 driver? Actually it seems that the error is not in the new
I hope so. You have a 3c905C, right? We tested on 905B and 980TX and could not find any problem. It seems only 3c905C has the problem.
I can add that I had a problem as well with the 1.0.0i release and a 905B (according to /proc/pci) the card wouldn't work at all. It was all fine with 1.0.0 on 2.2.14. I didn't try 1.0.0 on 2.2.16. I'm happily using Becker's 3c59x module at the moment. Cheers Robert -- Robert Casties --------------------- http://philoscience.unibe.ch/~casties History & Philosophy of Science Tel: +41/31/631-8505 Room: 216 Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
Hi, After updating the kernel, the 'Sys-Rq'-Key does not work anymore. It's enabled in the .config file: CONFIG_MAGIC_SYSRQ=y With 'showkey -s' the apropriate keycode '0x54' is generated. CU Peter -- Peter Fleischmann Diplom-Mathematiker email: fleischmann@mathematik.uni-wuerzburg.de ---------------------------------------------- Quitters never win, winners never quit, but those who never win AND never quit are idiots.
participants (11)
-
Christian Haufe -
Frank Steiner -
Gerhard Sittig -
Hubert Mantel -
Joerg Henner -
Lutz Jaenicke -
Markus Gaugusch -
Peter Fleischmann -
Robert Casties -
Thomas Biege -
thomas@suse.de