[SuSE Linux] suse linux kernel security issue
good day all ... there is a security issue with suse 2.2.x kernels, please see this url: <A HREF="http://linuxtoday.com/stories/6488.html"><A HREF="http://linuxtoday.com/stories/6488.html</A">http://linuxtoday.com/stories/6488.html</A</A>> i assume this is only the suse built kernels, and kernels compiled from source are free of this bug? -- -- michael -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
Hi, On Fri, Jun 04, mgx@spruce.lsd.ornl.gov wrote:
good day all ...
there is a security issue with suse 2.2.x kernels, please see this url:
<A HREF="http://linuxtoday.com/stories/6488.html"><A HREF="http://linuxtoday.com/stories/6488.html</A">http://linuxtoday.com/stories/6488.html</A</A>>
i assume this is only the suse built kernels, and kernels compiled from source are free of this bug?
No, see the beginning of the announcement: Affected: All Linux systems using kernel 2.2.x The solution is just a one-liner. I'm appending it, so there's no need to download the whole thing. -------------------------------------------------------------------------- diff -urN linux-2.2.7/net/ipv4/ip_options.c linux-2.2.7.SuSE/net/ipv4/ip_options.c --- linux-2.2.7/net/ipv4/ip_options.c Sun Mar 21 16:22:00 1999 +++ linux-2.2.7.SuSE/net/ipv4/ip_options.c Wed Jun 2 17:52:05 1999 @@ -452,7 +452,6 @@ error: if (skb) { icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24)); - kfree_skb(skb); } return -EINVAL; } --------------------------------------------------------------------------
-- michael -o) Hubert Mantel Goodbye, dots... /\\ _\_v
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
So if one changes the lines in the 2.2.5 kernel that are listed below .. does one then have to recompile? If so downloading a new kernel that has this fixed might not be a bad idea :)
-------------------------------------------------------------------------- diff -urN linux-2.2.7/net/ipv4/ip_options.c linux-2.2.7.SuSE/net/ipv4/ip_options.c --- linux-2.2.7/net/ipv4/ip_options.c Sun Mar 21 16:22:00 1999 +++ linux-2.2.7.SuSE/net/ipv4/ip_options.c Wed Jun 2 17:52:05 1999 @@ -452,7 +452,6 @@ error: if (skb) { icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24)); - kfree_skb(skb); } return -EINVAL; } --------------------------------------------------------------------------
-- Ben Rosenberg |---| <A HREF="mailto:dragula@anet-stl.com">mailto:dragula@anet-stl.com</A> "Workstation powered by SuSE LiNUX" -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
On Fri, 4 Jun 1999, Ben Rosenberg wrote:
So if one changes the lines in the 2.2.5 kernel that are listed below .. does one then have to recompile?
Yes.
If so downloading a new kernel that has this fixed might not be a bad idea :)
Recompiling kernels isn't hard. -- Rachel -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
Rachel, Yeah, I know :)
Recompiling kernels isn't hard.
Cheers, :) -- Ben Rosenberg |---| <A HREF="mailto:dragula@anet-stl.com">mailto:dragula@anet-stl.com</A> "Workstation powered by SuSE LiNUX" -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
According to this link: <A HREF="http://linuxtoday.com/stories/6488.html"><A HREF="http://linuxtoday.com/stories/6488.html</A">http://linuxtoday.com/stories/6488.html</A</A>> you don't need to recompile the kernel. You should be able to download it? It's not difficult to compile the kernel. But when you're not used to it it might take some time as there are a lot of settings. If you think about compiling the kernel yourself keep in mind that it will take some time before everything is working again. For me at least it was like that. I compile the kernels myself ever since kernel 2.0.32. I'm now using kernel 2.3.5 . Regards, Joop Boonen. Ben Rosenberg wrote:
Rachel,
Yeah, I know :)
Recompiling kernels isn't hard.
Cheers, :) -- Ben Rosenberg |---| <A HREF="mailto:dragula@anet-stl.com">mailto:dragula@anet-stl.com</A> "Workstation powered by SuSE LiNUX" -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
At 09:27 AM 6/4/99 -0400, mgx@spruce.lsd.ornl.gov wrote:
good day all ...
there is a security issue with suse 2.2.x kernels, please see this url:
<A HREF="http://linuxtoday.com/stories/6488.html"><A HREF="http://linuxtoday.com/stories/6488.html</A">http://linuxtoday.com/stories/6488.html</A</A>>
i assume this is only the suse built kernels, and kernels compiled from source are free of this bug?
Actually, I believe this may be SuSE incorporating the fix discussed below into their version of the kernel: <A HREF="http://linuxtoday.com/stories/6423.html"><A HREF="http://linuxtoday.com/stories/6423.html</A">http://linuxtoday.com/stories/6423.html</A</A>> Mike -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
On Fri, 4 Jun 1999 mgx@spruce.lsd.ornl.gov wrote:
good day all ...
there is a security issue with suse 2.2.x kernels, please see this url:
<A HREF="http://linuxtoday.com/stories/6488.html"><A HREF="http://linuxtoday.com/stories/6488.html</A">http://linuxtoday.com/stories/6488.html</A</A>>
i assume this is only the suse built kernels, and kernels compiled from source are free of this bug?
No, this is a general kernel problem in the whole 2.2 range. I patched mine manually when the fix was first announced, on Tuesday, on my 2.2.9 machines. :-) It's just a matter of removing or commenting out one line. -- Rachel -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
participants (6)
-
dragula@anet-stl.com -
jboonen@worldonline.nl -
mantel@suse.de -
mcurry@io.com -
mgx@spruce.lsd.ornl.gov -
rachel@enlarion.demon.co.uk