-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2005-02-04 at 18:01 +0100, Marcus Meissner wrote:
______________________________________________________________________________
SUSE Security Announcement
Package: kernel Announcement-ID: SUSE-SA:2005:005 Date: Friday, Feb 4th 2005 18:00 MET Affected products: SUSE Linux 9.1 SUSE Linux Enterprise Server 9 Vulnerability Type: critical bugs Severity (1-10): 6 SUSE default package: yes Cross References:
Content of this advisory: 1) security vulnerability resolved: - Merged various security fixes from previous kernel update - SUSE Linux 9.1 kernel upgraded to SLES 9 Service Pack 1 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - see SUSE Security Summary report. 6) standard appendix (further information)
This kernel update by YOU (SuSE 9.1) forgets to run mk_initrd (same as previous update, as reported here), there is not cute splash border int tty1, and system crashes (blank screen at level 5, no ssh). Managed to boot into runlevel 3. /var/log/boot.msg: 198 <6>bootsplash 3.1.6-2004/03/31: looking for picture...<6>...no good signature found. <4>Console: switching to colour frame buffer device 128x48 268: <5>RAMDISK: Compressed image found at block 0 <3>RAMDISK: ran out of compressed data <3>invalid compressed format (err=1) <4>EXT2-fs warning (device hdb6): ext2_fill_super: mounting ext3 filesystem as ext2 Crashed boot log (/var/log/boot.omsg) last entries are: Starting service wdm<notice>startproc: execve (/usr/X11R6/bin/wdm) [ /usr/X11R6/bin/wdm ], [ LC_MONETARY= CONSOLE=/dev/console TERM=linux SHELL=/bin/sh LC_NUMERIC= QTDIR=/usr/lib/qt3 LC_ALL= progress=52 INIT_VERSION=sysvinit-2.85 KDEROOTHOME=/root/.kdm REDIRECT=/dev/tty1 COLUMNS=128 PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin LC_MESSAGES= vga=0x317 RUNLEVEL=5 LC_COLLATE=POSIX PWD=/ LANG=en_US.UTF-8 PREVLEVEL=N LINES=48 SHLVL=2 XCURSOR_THEME=crystalwhite no_proxy=localhost WINDOWMANAGER=/usr/X11R6/bin/kde LC_CTYPE=en_US.UTF-8 splash=verbose sscripts=59 LC_TIME= _=/sbin/startproc DAEMON=/usr/X11R6/bin/wdm ] done <notice>exit status of (xdm atd) is (0 0) <notice>start services (apache2) Starting httpd2 (prefork) <notice>startproc: execve (/usr/sbin/httpd2-prefork) [ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf ], [ CONSOLE=/dev/console TERM=linux SHELL=/bin/sh get_module_list_done=true progress=54 INIT_VERSION=sysvinit-2.85 REDIRECT=/dev/tty1 COLUMNS=128 get_includes_done=true PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin vga=0x317 RUNLEVEL=5 PWD=/ PREVLEVEL=N LINES=48 SHLVL=2 splash=verbose sscripts=59 _=/sbin/startproc DAEMON=/usr/sbin/httpd2-prefork ] Nvdia crashed; I had to revert to driver nv instead of nvidia to get into X. I tried a second time while from another PC I was looking at /var/log/warn through ssh, and these are the last lines I saw as soon as I typed init 5: Feb 7 11:55:55 nimrodel kernel: nvidia: unsupported module, tainting kernel. Feb 7 11:55:55 nimrodel kernel: nvidia: module license 'NVIDIA' taints kernel. Feb 7 11:55:55 nimrodel kernel: 0: nvidia: loading NVIDIA Linux x86 NVIDIA Kernel Module 1.0-5336 Wed Jan 14 18:29:26 PST 2004 And then also ssh crashed - but ping worked. Log files were devoid of those lines. - From the date of the nvidia module above, it was not updated - in fact, it is a year old! Where is that one coming from? Perhaps: -rw-r--r-- 1 root root 44699 2005-02-02 19:12 /lib/modules/scripts/nvidia/2.6.5-7.145-default/nv-linux.o-1.0-5336 -rw-r--r-- 1 root root 44866 2005-02-02 19:12 /lib/modules/precompiled/2.6.5-7.145-default/nvidia/gfx/nv-linux.o-1.0-5336.pre anyway, that one breaks with the new kernel update. And it came with the update. System versions: nimrodel:~ # uname -a Linux nimrodel 2.6.5-7.145-default #1 Thu Jan 27 09:19:29 UTC 2005 i686 i686 i386 GNU/Linux nimrodel:~ # cat /proc/version Linux version 2.6.5-7.145-default (geeko@buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 Thu Jan 27 09:19:29 UTC 2005 nimrodel:~ # cat /etc/SuSE-release SuSE Linux 9.1 (i586) VERSION = 9.1 - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFCB7xntTMYHG2NR9URAkEvAJsEyz8ULJ/u9CdJm5WfrZ1PkMkLuQCglJcL TAeExcFmGZYBqLhvC6cGrP4= =nJxZ -----END PGP SIGNATURE-----