Mailinglist Archive: opensuse-security-announce (9 mails)

[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2007:064)
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Tue, 04 Dec 2007 11:58:44 +0100
  • Message-id: <475532e4.vp0uAcWBaQI8hfa3%meissner@xxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package:                kernel
Announcement ID:        SUSE-SA:2007:064
Date:                   Tue, 04 Dec 2007 11:00:00 +0000
Affected Products:      SUSE LINUX 10.1
                        SUSE Linux Enterprise Desktop 10 SP1
                        SUSE Linux Enterprise 10 SP1 DEBUGINFO
                        SLE SDK 10 SP1
                        SUSE Linux Enterprise Server 10 SP1
Vulnerability Type:     remote denial of service
Severity (1-10):        9
SUSE Default Package:   yes
Cross-References:       CVE-2007-3104, CVE-2007-3740, CVE-2007-3843
                        CVE-2007-4308, CVE-2007-4573, CVE-2007-4997
                        CVE-2007-5904, CVE-2007-6063

Content of This Advisory:
    1) Security Vulnerability Resolved:
         Kernel bugfix and security update
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

This kernel update fixes the following security problems:

- CVE-2007-3104: The sysfs_readdir function in the Linux kernel 2.6
allows local users to cause a denial of service (kernel OOPS)
by dereferencing a null pointer to an inode in a dentry.

- CVE-2007-4997: A 2-byte buffer underflow in the ieee80211 stack
was fixed, which might be used by attackers within local WLAN range
to crash the machine.

- CVE-2007-3740: The CIFS filesystem, when Unix extension support is
enabled, did not honor the umask of a process, which allowed local
users to gain privileges.

- CVE-2007-4573: It was possible for a local user to become root by
exploiting a bug in the IA32 system call emulation. This problem
affects the x86_64 platform only, on all distributions.

This problem was fixed for regular kernels, but had not been fixed
for the XEN kernels. This update fixes the problem also for the
XEN kernels.

- CVE-2007-4308: The (1) aac_cfg_open and (2) aac_compat_ioctl
functions in the SCSI layer ioctl path in aacraid did not check
permissions for ioctls, which might have allowed local users to
cause a denial of service or gain privileges.

- CVE-2007-3843: The Linux kernel checked the wrong global variable
for the CIFS sec mount option, which might allow remote attackers to
spoof CIFS network traffic that the client configured for security
signatures, as demonstrated by lack of signing despite sec=ntlmv2i
in a SetupAndX request.

- CVE-2007-5904: Multiple buffer overflows in CIFS VFS in the Linux
kernel allowed remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via long SMB responses that
trigger the overflows in the SendReceive function.

This requires the attacker to impersonate or replace a CIFS server
the client machine is connected to.

Also, the exploitability of this problem is not known.

- CVE-2007-6063: Buffer overflow in the isdn_net_setcfg function in
isdn_net.c in the Linux kernel allowed local users to have an
unknown impact via a crafted argument to the isdn_ioctl function.

and the following non-security bugs:

- patches.drivers/pci-delete-ACPI-hook-from-pci_set_power_state.patch:
Delete ACPI hook from pci_set_power_state() [#162320]
Still execute the code on Lenovo ThinkPads (or USB ports do not
work anymore after suspend) [#329232]
- patches.drivers/alsa-post-sp1-hda-probe-blacklist:
[ALSA] hda-intel - Add probe_mask blacklist [#172330]
- patches.drivers/alsa-post-sp1-hda-robust-probe:
[ALSA] hda-intel - Improve HD-audio codec probing robustness [#172330]
- patches.arch/i386-hpet-lost-interrupts-fix.patch:
Backport i386 hpet lost interrupts code [#257035]
- patches.fixes/megaraid_mbox-dell-cerc-support:
Dell CERC support for megaraid_mbox [#267134]
- patches.fixes/nfsv4-MAXNAME-fix.diff:
knfsd: query filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803]
- patches.drivers/ide-amd74xx-add-ignore_enablebits-parameter:
amd74xx: add ignore_enable_bits module parameter [#272786]
- patches.fixes/legacy-pty-count-kernel-parm.patch:
Add a kernel boot parameter to overwrite the legacy PTY count.
The default value of 64 is insufficient occasionally [#277846]
- patches.fixes/lockd-grant-shutdown:
Stop GRANT callback from crashing if NFS server has been stopped.
[#292478]
- Kernel update to 2.6.16.54 [#298719] including (among others):
+ lots of md fixes
+ fix of sparc bugs
+ fix of TCP handling of SACK in bidirectional flows
+ fix of MCA bus matching
+ fix of PPP issues:
* Fix osize too small errors when decoding mppe.
* Fix output buffer size in ppp_decompress_frame().
- patches.fixes/assign-task_struct.exit_code-before-taskstats_exit.patch:
Assign task_struct.exit_code before taskstats_exit() [#307504]
- patches.fixes/bonding_no_addrconf_for_bond_slaves:
bonding / ipv6: no addrconf for slaves separately from master. [#310254]
- patches.fixes/bonding_support_carrier_state_for_master:
bonding: support carrier state for master [#310254]
- patches.fixes/fix-sys-devices-system-node-node0-meminfo-from-having-anonpages-wrapped.patch:
fix /sys/devices/system/node/node0/meminfo from having anonpages
wrapped [#310744]
- patches.fixes/nfs-remove-bogus-cache-change-attribute-check.diff:
fix bogus cache change to make data available immediately,
on direct write [#325877]
- patches.fixes/tcp-send-ACKs-each-2nd-received-segment.patch:
Send ACKs each 2nd received segment. This fixes a problem where the
tcp cubic congestion algorithm was too slow in converging [#327848]
- patches.drivers/libata-fix-spindown:
libata: fix disk spindown on shutdown [#330722]
- patches.fixes/scsi-reset-resid:
busy status on tape write results in incorrect residual [#330926]
- patches.fixes/condense-output-of-show_free_areas.patch:
Condense output of show_free_areas() [#331251]
- patches.arch/powernowk8_family_freq_from_fiddid.patch:
Finding the frequency given the fid and did is family
dependent. [#332722]
- patches.fixes/tcp-saner-thash_entries-default.patch:
Limit the size of the TCP established hash to 512k entries
by default [#333273]
- patches.drivers/alsa-emu10k1-spdif-mem-fix:
[ALSA] emu10k1 - Fix memory corruption [#333314]
- patches.drivers/alsa-post-sp1-hda-stac-error-fix:
[ALSA] Fix error probing with STAC codecs [#333320]
- patches.fixes/qla2xxx-avoid-duplicate-pci_disable_device:
Fixup patch to not refer to stale pointer [#333542]
- large backport of dm-crypt fixes: [#333905]
+ patches.fixes/dm-disable_barriers.diff: dm: disable barriers.
+ patches.fixes/dm-crypt-restructure_for_workqueue_change.diff
+ patches.fixes/dm-crypt-restructure_write_processing.diff
+ patches.fixes/dm-crypt-move_io_to_workqueue.diff
+ patches.fixes/dm-crypt-use_private_biosets.diff
+ patches.fixes/dm-crypt-fix_call_to_clone_init.diff
+ patches.fixes/dm-crypt-fix_avoid_cloned_bio_ref_after_free.diff
+ patches.fixes/dm-crypt-fix_remove_first_clone.diff
+ patches.fixes/dm-crypt-use_smaller_bvecs_in_clones.diff
+ patches.fixes/dm-crypt-fix_panic_on_large_request.diff
- patches.fixes/initramfs-fix-cpio-hardlink-check.patch:
initramfs: fix CPIO hardlink check [#334612]
- patches.drivers/lpfc-8.1.10.12-update:
driver update to fix severe issues in lpfc 8.1.10.9 driver
[#334630] [#342044]
- patches.fixes/nfs-direct-io-fix-1:
NFS: Fix error handling in nfs_direct_write_result() [#336200]
- patches.fixes/nfs-direct-io-fix-2:
NFS: Fix a refcount leakage in O_DIRECT [#336200]
- add patches.drivers/ibmvscsi-migration-login.patch
prohibit IO during adapter login process [#337980]
- patches.arch/acpi_thinkpad_brightness_fix.patch:
Take care of latest Lenovo ThinkPad brightness control [#338274]
[#343660]
- patches.fixes/ramdisk-2.6.23-corruption_fix.diff:
rd: fix data corruption on memory pressure [#338643]
- patches.fixes/fc_transport-remove-targets-on-host-remove:
memory use after free error in mptfc [#338730]
- patches.fixes/ipmi-ipmi_msghandler.c-fix-a-memory-leak.patch:
IPMI: ipmi_msghandler.c: fix a memory leak [#339413]
- add patches.arch/ppc-pseries-rtas_ibm_suspend_me.patch
fix multiple bugs in rtas_ibm_suspend_me code [#339927]
- patches.fixes/nfsacl-retval.diff:
knfsd: fix spurious EINVAL errors on first access of new filesystem
[#340873]
- patches.fixes/avm-fix-capilib-locking:
[ISDN] Fix random hard freeze with AVM cards. [#341894]
- patches.fixes/ipv6_rh_processing_fix:
[IPV6]: Restore semantics of Routing Header processing [#343100]
- The following set of XEN fixes has been applied: [#343612]
+ patches.xen/14280-net-fake-carrier-flag.patch:
netfront: Better fix for netfront_tx_slot_available().
+ patches.xen/14893-copy-more-skbs.patch:
netback: Copy skbuffs that are presented to the start_xmit() function.
+ patches.xen/157-netfront-skb-deref.patch:
net front: Avoid deref'ing skb after it is potentially freed.
+ patches.xen/263-xfs-unmap.patch:
xfs: eagerly remove vmap mappings to avoid upsetting Xen.
+ patches.xen/xen-i386-set-fixmap:
i386/PAE: avoid temporarily inconsistent pte-s.
+ patches.xen/xen-isa-dma: Suppress all use of ISA DMA on Xen.
+ patches.xen/xen-x86-panic-smp,
+ patches.xen/xen-netback-alloc,
+ patches.xen/xen-split-pt-lock,
+ patches.xen/137-netfront-copy-release.patch,
+ patches.xen/141-driver-autoload.patch,
+ patches.xen/xen-balloon-max-target,
+ patches.xen/xen-balloon-min,
+ patches.xen/xen-i386-highpte,
+ patches.xen/xen-intel-agp,
+ patches.xen/xen-multicall-check,
+ patches.xen/xen-x86-dcr-fallback,
+ patches.xen/xen-x86-pXX_val,
+ patches.xen/xen-x86-performance: Adjust.
- patches.arch/acpi_backport_video.c.patch: Backport video driver
from 2.6.23-rc9 [#343660]
- patches.arch/acpi_find_bcl_support.patch: Store brightness/video
functionality of ACPI provided by BIOS [#343660]

Fixes for ia64:

- patches.fixes/fix-the-graphic-corruption-issue-on-ia64-machines.patch:
Fix the graphic corruption issue on IA64 machines [#241041]


Fixes for S/390:

- IBM Patchcluster 18 [#333421,#340129,#341000]

- Problem-ID: 39323 - qeth: discard inbound packets with unknown
header id
- Problem-ID: 39542 - cio: Incorrect check for activity in cmf
- Problem-ID: 38321 - kernel: Reboot of large z/VM guests takes
a lot of time
- Problem-ID: 40293 - kernel: pfault disabled
- Problem-ID: 40296 - cio: change device sense procedure to work
with PAV aliases
- Problem-ID: 39981 - zfcp: Remove SCSI devices when removing
complete adapter
- Problem-ID: 40331 - zfcp: Deadlock when adding invalid LUN
- Problem-ID: 40333 - zfcp: Reduce flood on hba trace

- Fix kprobe on 'bc' instruction [#301563]

For further description of the named Problem-IDs, please see

http://www-128.ibm.com/developerworks/linux/linux390/october2005_recommended.html

2) Solution or Work-Around

There is no known workaround; please install the update packages.

3) Special Instructions and Notes

Please reboot the machine after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

    rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.


Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:

SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T

http://support.novell.com/techcenter/psdb/cedebf2070cadf7ee6c941a4d0e6eba0.html

SUSE Linux Enterprise 10 SP1 DEBUGINFO for IBM zSeries 64bit

http://support.novell.com/techcenter/psdb/eb9711b9868acd247e9ed0be3bb86142.html

SUSE Linux Enterprise 10 SP1 DEBUGINFO for IBM POWER

http://support.novell.com/techcenter/psdb/37043bf4ccbd3272d8b7e37b6b76768b.html

SUSE Linux Enterprise 10 SP1 DEBUGINFO for IPF

http://support.novell.com/techcenter/psdb/381410915cb05a9468010a8d5853c966.html

SUSE Linux Enterprise Server 10 SP1

http://support.novell.com/techcenter/psdb/cedebf2070cadf7ee6c941a4d0e6eba0.html

http://support.novell.com/techcenter/psdb/eb9711b9868acd247e9ed0be3bb86142.html

http://support.novell.com/techcenter/psdb/37043bf4ccbd3272d8b7e37b6b76768b.html

http://support.novell.com/techcenter/psdb/381410915cb05a9468010a8d5853c966.html

http://support.novell.com/techcenter/psdb/9bd2fb953279a9c0f9e9b139ba46d357.html

SLE SDK 10 SP1

http://support.novell.com/techcenter/psdb/cedebf2070cadf7ee6c941a4d0e6eba0.html

http://support.novell.com/techcenter/psdb/37043bf4ccbd3272d8b7e37b6b76768b.html

http://support.novell.com/techcenter/psdb/381410915cb05a9468010a8d5853c966.html

http://support.novell.com/techcenter/psdb/9bd2fb953279a9c0f9e9b139ba46d357.html

SUSE Linux Enterprise 10 SP1 DEBUGINFO

http://support.novell.com/techcenter/psdb/cedebf2070cadf7ee6c941a4d0e6eba0.html

http://support.novell.com/techcenter/psdb/37043bf4ccbd3272d8b7e37b6b76768b.html

http://support.novell.com/techcenter/psdb/381410915cb05a9468010a8d5853c966.html

http://support.novell.com/techcenter/psdb/9bd2fb953279a9c0f9e9b139ba46d357.html

SUSE Linux Enterprise Desktop 10 SP1

http://support.novell.com/techcenter/psdb/cedebf2070cadf7ee6c941a4d0e6eba0.html

http://support.novell.com/techcenter/psdb/9bd2fb953279a9c0f9e9b139ba46d357.html

SUSE Linux Enterprise Desktop 10 SP1 for x86

http://support.novell.com/techcenter/psdb/9bd2fb953279a9c0f9e9b139ba46d357.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

    gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@xxxxxxx>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

    rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@xxxxxxx with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command

    md5sum <filename.rpm>

after you have downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@xxxxxxx), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.

- SUSE runs two security mailing lists to which any interested party may
subscribe:

opensuse-security@xxxxxxxxxxxx
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@xxxxxxxxxxxx>.

opensuse-security-announce@xxxxxxxxxxxx
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@xxxxxxxxxxxx>.

=====================================================================
SUSE's security contact is <security@xxxxxxxx> or <security@xxxxxxx>.
The <security@xxxxxxx> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@xxxxxxx>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@xxxxxxx>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

-----END PGP SIGNATURE-----