Re: [suse-security-announce] SUSE Security Announcement: kernel bugfixes and SP1 merge (SUSE-SA:2005:005)
The Friday 2005-02-04 at 18:01 +0100, Marcus Meissner wrote:
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement-ID: SUSE-SA:2005:005
Date: Friday, Feb 4th 2005 18:00 MET
Affected products: SUSE Linux 9.1
                   SUSE Linux Enterprise Server 9
Vulnerability Type: critical bugs
Severity (1-10): 6
SUSE default package: yes
Cross References:

Content of this advisory:
    1) security vulnerability resolved:
         - Merged various security fixes from previous kernel update
         - SUSE Linux 9.1 kernel upgraded to SLES 9 Service Pack 1
    2) solution/workaround
    3) special instructions and notes
    4) package location and checksums
    5) pending vulnerabilities, solutions, workarounds:
         - see SUSE Security Summary report.
    6) standard appendix (further information)
This kernel update by YOU (SuSE 9.1) forgets to run mk_initrd (same as previous update, as reported here), there is no cute splash border in tty1, and system crashes (blank screen at level 5, no ssh). Managed to boot into runlevel 3.

/var/log/boot.msg:

198 <6>bootsplash 3.1.6-2004/03/31: looking for picture...<6>...no good signature found.
<4>Console: switching to colour frame buffer device 128x48

268: <5>RAMDISK: Compressed image found at block 0
<3>RAMDISK: ran out of compressed data
<3>invalid compressed format (err=1)
<4>EXT2-fs warning (device hdb6): ext2_fill_super: mounting ext3 filesystem as ext2

Crashed boot log (/var/log/boot.omsg) last entries are:

Starting service wdm<notice>startproc: execve (/usr/X11R6/bin/wdm) [ /usr/X11R6/bin/wdm ], [ LC_MONETARY= CONSOLE=/dev/console TERM=linux SHELL=/bin/sh LC_NUMERIC= QTDIR=/usr/lib/qt3 LC_ALL= progress=52 INIT_VERSION=sysvinit-2.85 KDEROOTHOME=/root/.kdm REDIRECT=/dev/tty1 COLUMNS=128 PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin LC_MESSAGES= vga=0x317 RUNLEVEL=5 LC_COLLATE=POSIX PWD=/ LANG=en_US.UTF-8 PREVLEVEL=N LINES=48 SHLVL=2 XCURSOR_THEME=crystalwhite no_proxy=localhost WINDOWMANAGER=/usr/X11R6/bin/kde LC_CTYPE=en_US.UTF-8 splash=verbose sscripts=59 LC_TIME= _=/sbin/startproc DAEMON=/usr/X11R6/bin/wdm ] done
<notice>exit status of (xdm atd) is (0 0)
<notice>start services (apache2)
Starting httpd2 (prefork) <notice>startproc: execve (/usr/sbin/httpd2-prefork) [ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf ], [ CONSOLE=/dev/console TERM=linux SHELL=/bin/sh get_module_list_done=true progress=54 INIT_VERSION=sysvinit-2.85 REDIRECT=/dev/tty1 COLUMNS=128 get_includes_done=true PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin vga=0x317 RUNLEVEL=5 PWD=/ PREVLEVEL=N LINES=48 SHLVL=2 splash=verbose sscripts=59 _=/sbin/startproc DAEMON=/usr/sbin/httpd2-prefork ]

Nvidia crashed; I had to revert to driver nv instead of nvidia to get into X. I tried a second time while from another PC I was looking at /var/log/warn through ssh, and these are the last lines I saw as soon as I typed init 5:

Feb 7 11:55:55 nimrodel kernel: nvidia: unsupported module, tainting kernel.
Feb 7 11:55:55 nimrodel kernel: nvidia: module license 'NVIDIA' taints kernel.
Feb 7 11:55:55 nimrodel kernel: 0: nvidia: loading NVIDIA Linux x86 NVIDIA Kernel Module 1.0-5336 Wed Jan 14 18:29:26 PST 2004

And then also ssh crashed - but ping worked. Log files were devoid of those lines.

From the date of the nvidia module above, it was not updated - in fact, it is a year old! Where is that one coming from? Perhaps:

-rw-r--r-- 1 root root 44699 2005-02-02 19:12 /lib/modules/scripts/nvidia/2.6.5-7.145-default/nv-linux.o-1.0-5336
-rw-r--r-- 1 root root 44866 2005-02-02 19:12 /lib/modules/precompiled/2.6.5-7.145-default/nvidia/gfx/nv-linux.o-1.0-5336.pre

anyway, that one breaks with the new kernel update. And it came with the update.

System versions:

nimrodel:~ # uname -a
Linux nimrodel 2.6.5-7.145-default #1 Thu Jan 27 09:19:29 UTC 2005 i686 i686 i386 GNU/Linux
nimrodel:~ # cat /proc/version
Linux version 2.6.5-7.145-default (geeko@buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 Thu Jan 27 09:19:29 UTC 2005
nimrodel:~ # cat /etc/SuSE-release
SuSE Linux 9.1 (i586)
VERSION = 9.1

-- Cheers, Carlos Robinson
you can solve the problem by updating to latest 6629 nvidia driver, it works

Pavel

On Mon, 7 February 2005 at 20:07, Carlos E. R. wrote:
The Friday 2005-02-04 at 18:01 +0100, Marcus Meissner wrote:
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement-ID: SUSE-SA:2005:005
Date: Friday, Feb 4th 2005 18:00 MET
Affected products: SUSE Linux 9.1
                   SUSE Linux Enterprise Server 9
Vulnerability Type: critical bugs
Severity (1-10): 6
SUSE default package: yes
Cross References:

Content of this advisory:
    1) security vulnerability resolved:
         - Merged various security fixes from previous kernel update
         - SUSE Linux 9.1 kernel upgraded to SLES 9 Service Pack 1
    2) solution/workaround
    3) special instructions and notes
    4) package location and checksums
    5) pending vulnerabilities, solutions, workarounds:
         - see SUSE Security Summary report.
    6) standard appendix (further information)
This kernel update by YOU (SuSE 9.1) forgets to run mk_initrd (same as previous update, as reported here), there is no cute splash border in tty1, and system crashes (blank screen at level 5, no ssh). Managed to boot into runlevel 3.
/var/log/boot.msg:
198 <6>bootsplash 3.1.6-2004/03/31: looking for picture...<6>...no good signature found.
<4>Console: switching to colour frame buffer device 128x48

268: <5>RAMDISK: Compressed image found at block 0
<3>RAMDISK: ran out of compressed data
<3>invalid compressed format (err=1)
<4>EXT2-fs warning (device hdb6): ext2_fill_super: mounting ext3 filesystem as ext2
Crashed boot log (/var/log/boot.omsg) last entries are:
Starting service wdm<notice>startproc: execve (/usr/X11R6/bin/wdm) [ /usr/X11R6/bin/wdm ], [ LC_MONETARY= CONSOLE=/dev/console TERM=linux SHELL=/bin/sh LC_NUMERIC= QTDIR=/usr/lib/qt3 LC_ALL= progress=52 INIT_VERSION=sysvinit-2.85 KDEROOTHOME=/root/.kdm REDIRECT=/dev/tty1 COLUMNS=128 PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin LC_MESSAGES= vga=0x317 RUNLEVEL=5 LC_COLLATE=POSIX PWD=/ LANG=en_US.UTF-8 PREVLEVEL=N LINES=48 SHLVL=2 XCURSOR_THEME=crystalwhite no_proxy=localhost WINDOWMANAGER=/usr/X11R6/bin/kde LC_CTYPE=en_US.UTF-8 splash=verbose sscripts=59 LC_TIME= _=/sbin/startproc DAEMON=/usr/X11R6/bin/wdm ] done <notice>exit status of (xdm atd) is (0 0) <notice>start services (apache2) Starting httpd2 (prefork) <notice>startproc: execve (/usr/sbin/httpd2-prefork) [ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf ], [ CONSOLE=/dev/console TERM=linux SHELL=/bin/sh get_module_list_done=true progress=54 INIT_VERSION=sysvinit-2.85 REDIRECT=/dev/tty1 COLUMNS=128 get_includes_done=true PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin vga=0x317 RUNLEVEL=5 PWD=/ PREVLEVEL=N LINES=48 SHLVL=2 splash=verbose sscripts=59 _=/sbin/startproc DAEMON=/usr/sbin/httpd2-prefork ]
Nvidia crashed; I had to revert to driver nv instead of nvidia to get into X. I tried a second time while from another PC I was looking at /var/log/warn through ssh, and these are the last lines I saw as soon as I typed init 5:
Feb 7 11:55:55 nimrodel kernel: nvidia: unsupported module, tainting kernel.
Feb 7 11:55:55 nimrodel kernel: nvidia: module license 'NVIDIA' taints kernel.
Feb 7 11:55:55 nimrodel kernel: 0: nvidia: loading NVIDIA Linux x86 NVIDIA Kernel Module 1.0-5336 Wed Jan 14 18:29:26 PST 2004
And then also ssh crashed - but ping worked. Log files were devoid of those lines.
From the date of the nvidia module above, it was not updated - in fact, it is a year old! Where is that one coming from? Perhaps:
-rw-r--r-- 1 root root 44699 2005-02-02 19:12 /lib/modules/scripts/nvidia/2.6.5-7.145-default/nv-linux.o-1.0-5336
-rw-r--r-- 1 root root 44866 2005-02-02 19:12 /lib/modules/precompiled/2.6.5-7.145-default/nvidia/gfx/nv-linux.o-1.0-5336.pre
anyway, that one breaks with the new kernel update. And it came with the update.
System versions:
nimrodel:~ # uname -a
Linux nimrodel 2.6.5-7.145-default #1 Thu Jan 27 09:19:29 UTC 2005 i686 i686 i386 GNU/Linux
nimrodel:~ # cat /proc/version
Linux version 2.6.5-7.145-default (geeko@buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 Thu Jan 27 09:19:29 UTC 2005
nimrodel:~ # cat /etc/SuSE-release
SuSE Linux 9.1 (i586)
VERSION = 9.1
-- Cheers, Carlos Robinson
The Monday 2005-02-07 at 20:42 +0100, Pavel wrote:
you can solve the problem by updating to latest 6629 nvidia driver, it works
I know, but I don't want to. I want SuSE updates to work, and by doing that all future YOU updates will fail. That is contrary to SuSE policy of maintaining the same versions during each distro life.

-- Cheers, Carlos Robinson
After the upgrade to kernel-2.6.5-7.145-default, on boot my network card, a 3Com 59X (Boomerang), is not running, and in the log I see the following error:

eth0: Dropping NETIF_F_SG since no checksum feature.

With lsmod I see that the kernel module for the network card is loading correctly (load module 3C59X). When I log in to the console and restart the network (rcnetwork restart), the interface comes up and the network works fine. In the RedHat mailing lists I see that the problem can be with kudzu, but in my configuration no services are running before the network.
We have seen something that might be similar with kernel versions beyond 2.6.5-7.111-default and an intel computer running with an LSI 320-1 hardware RAID controller. The megaraid and megaraid_mm modules are loaded after boot, but during boot something is missing as /dev/sda1 (RAID array) will not mount during boot, but will mount after boot....

Mike Rose

On Tue, 8 Feb 2005, Vladimir Potapov wrote:
After the upgrade to kernel-2.6.5-7.145-default, on boot my network card, a 3Com 59X (Boomerang), is not running, and in the log I see the following error:
eth0: Dropping NETIF_F_SG since no checksum feature.
With lsmod I see that the kernel module for the network card is loading correctly (load module 3C59X). When I log in to the console and restart the network (rcnetwork restart), the interface comes up and the network works fine. In the RedHat mailing lists I see that the problem can be with kudzu, but in my configuration no services are running before the network.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hi,

It seems I am more awake today. A bit of testing using /etc/init.d/boot.localfs

    " lsmod > /root/lsmod.list "

showed that the megaraid module is loaded with a 2.6.5-7.111-default kernel, but not with 2.6.5-7.145-default

So:

    lsmod > /root/lsmod.list
    # Load the megaraid module as kernels more recent than 2.6.5-7.111-default
    # do not seem to want to
    modprobe -a megaraid
    #lsmod > /root/lsmod_after.list

showed the megaraid module being loaded and the file system being mounted during boot with 2.6.5-7.145-default, from fstab:

    /dev/sda1 /raid5 ext3 defaults,usrquota,grpquota 0 2

I did try loading both megaraid and megaraid_mm, but that caused raidmon to screw up:

    lsmod > /root/lsmod.list
    # Load the megaraid module as kernels more recent than 2.6.5-7.111-default
    # do not seem to want to
    modprobe -a megaraid
    modprobe -a megaraid_mm
    lsmod > /root/lsmod_after.list

as this bit in raidmon did not work:

    "
    megadevice="megadev0"
    rm -f /dev/$megadevice 2>/dev/null
    megamajor=`cat /proc/devices|gawk '/megadev/{print$1}' `
    mknod /dev/$megadevice c $megamajor 0 2>/dev/null
    "

and this test:

    "
    # New check: 10-31-01: Does node exist
    if [ ! -c /dev/$megadevice ]
    then
    echo "
    Character Device Node /dev/$megadevice does not exist.
    Raid Monitor could not be started
    "
    exit 1
    fi
    "

failed due to a lack of /dev/megadev0

there seemed to be two entries in /proc/devices matching '/megadev/{print$1}' so fair enough.

I guess that network card problem could be something similar with kernel modules. Maybe a simple bit of testing using /etc/init.d/network will find something??

On Tue, 8 Feb 2005, Mike Rose wrote:
We have seen something that might be similar with kernel versions beyond 2.6.5-7.111-default and an intel computer running with an LSI 320-1 hardware RAID controller. The megaraid and megaraid_mm modules are loaded after boot, but during boot something is missing as /dev/sda1 (RAID array) will not mount during boot, but will mount after boot....
Mike Rose
On Tue, 8 Feb 2005, Vladimir Potapov wrote:
After the upgrade to kernel-2.6.5-7.145-default, on boot my network card, a 3Com 59X (Boomerang), is not running, and in the log I see the following error:
eth0: Dropping NETIF_F_SG since no checksum feature.
With lsmod I see that the kernel module for the network card is loading correctly (load module 3C59X). When I log in to the console and restart the network (rcnetwork restart), the interface comes up and the network works fine. In the RedHat mailing lists I see that the problem can be with kudzu, but in my configuration no services are running before the network.
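The failure described in the message above, where the raidmon pattern matched two entries in /proc/devices and no device node was created, can be avoided by matching the device name exactly within the character-device section. This is an added example, not part of the thread or of raidmon; the function names, the sample device names and the major numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-name lookup of a character-device major number.

# sample_devices prints a constructed /proc/devices-style listing in which
# two character devices contain the substring "megadev" (names and numbers
# are made up for this example).
sample_devices() {
    cat <<'EOF'
Character devices:
  1 mem
  4 tty
 10 misc
253 megadev_legacy
254 megadev

Block devices:
  8 sd
EOF
}

# loose_major FILE: the substring match quoted from raidmon (awk instead of
# gawk). Prints one major number per matching line, so it can print several.
loose_major() {
    awk '/megadev/{print $1}' "${1:-/proc/devices}"
}

# char_major NAME [FILE]: prints the major number of character device NAME.
# Only the "Character devices:" section is searched and the name must match
# exactly. Returns 1 if NAME is absent, 2 if it is listed more than once.
char_major() {
    awk -v want="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0; next }
        in_char && $2 == want { major[++n] = $1 }
        END {
            if (n == 0) exit 1
            if (n > 1)  exit 2
            print major[1]
        }
    ' "${2:-/proc/devices}"
}

# Demonstration on the constructed sample ("-" makes awk read stdin).
# Nothing is created and no root access is needed.
printf 'loose match: %s\n' "$(sample_devices | loose_major - | tr '\n' ' ')"
printf 'exact match: %s\n' "$(sample_devices | char_major megadev -)"
```

A caller would check the return status of char_major before passing the value to mknod, so that an absent or ambiguous entry is reported instead of being hidden by 2>/dev/null.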
participants (4): Carlos E. R., Mike Rose, Pavel, Vladimir Potapov