Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 104	Published: Fri, 08 Feb 2008 23:14:48  GMT

New Fixlets:
============

***************************************************************
Title: PATCH-B8020501 - Security update for cairo - SLED10/SLES10
Severity: <Unspecified>
Fixlet ID: 802050101
Fixlet Link: http://support.novell.com/techcenter/psdb/d3c3fe596d357aa5518e0b8765c783ca.html

Fixlet Description: This update of cairo fixes several integer overflows while decoding PNG images. This can be exploited remotely with user-assistance to execute arbitrary code.  (CVE-2007-5503) Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020503 - Security update for PostgreSQL - SLED10
Severity: <Unspecified>
Fixlet ID: 802050303
Fixlet Link: http://support.novell.com/techcenter/psdb/ffe18637db4f850c8f7a496168b1e74a.html

Fixlet Description: This version update to 7.4.19 fixes among other things several security issues:    Index Functions Privilege Escalation: CVE-2007-6600    Regular Expression Denial-of-Service: CVE-2007-4772,         CVE-2007-6067, CVE-2007-4769    DBLink Privilege Escalation: CVE-2007-6601 Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020503 - Security update for PostgreSQL - SLES10
Severity: &lt;Unspecified&gt;
Fixlet ID: 802050304

Fixlet Description: This version update to 7.4.19 fixes among other things several security issues:    Index Functions Privilege Escalation: CVE-2007-6600    Regular Expression Denial-of-Service: CVE-2007-4772,         CVE-2007-6067, CVE-2007-4769    DBLink Privilege Escalation: CVE-2007-6601 Everyone should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020701 - Security update for Linux kernel - SLES10
Severity: <Unspecified>
Fixlet ID: 802070101
Fixlet Link: http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html

Fixlet Description: This kernel update fixes the following security problems:    CVE-2008-0007: Insufficient range checks in certain fault handlers        could be used by local attackers to potentially read or write kernel        memory.     CVE-2008-0001: Incorrect access mode checks could be used by local        attackers to corrupt directory contents and so cause denial of service        attacks or potentially execute code.     CVE-2007-5966: Integer overflow in the hrtimer_start function in        kernel/hrtimer. c in the Linux kernel before 2.6.23.10 allows local        users to execute arbitrary code or cause a denial of service (panic)        via a large relative timeout value. NOTE: some of these details are        obtained from third party information.     CVE-2007-6417: The shmem_getpage function (mm/shmem. c) in Linux kernel        2.6.11 through 2.6.23 does not properly clear allocated memory in some        rare circumstances, which might allow local users to read sensitive        kernel data or cause a denial of service (crash).  Additionally the following bugfixes have been included for all platforms:    patches. suse/bootsplash: Bootsplash for current kernel (none).        patch the patch for Bug 345980.    patches. fixes/megaraid-fixup-driver-version: Megaraid driver        version out of sync (299740).            OCFS2: Updated to version 1.2.8            patches. fixes/ocfs2-1.2-svn-r3070. diff: [PATCH] ocfs2: Remove        overzealous BUG_ON().    patches. fixes/ocfs2-1.2-svn-r3072. diff: [PATCH] ocfs2: fix        rename vs unlink race.    patches. fixes/ocfs2-1.2-svn-r3074. diff: [PATCH] ocfs2: Remove        expensive local alloc bitmap scan code.    patches. fixes/ocfs2-1.2-svn-r3057. diff: [PATCH] ocfs2: Check        for cluster locking in ocfs2_readpage.    patches. fixes/ocfs2-1.2-svn-r2975. diff: ocfs2_dlm: make        functions static.    patches. fixes/ocfs2-1.2-svn-r2976. diff: [PATCH] ocfs2_dlm:        make tot_backoff more descriptive.    patches. fixes/ocfs2-1.2-svn-r3002. diff: [PATCH] ocfs2: Remove        the printing of harmless ERRORS like ECONNRESET, EPIPE. .    patches. fixes/ocfs2-1.2-svn-r3004. diff: [PATCH] ocfs2_dlm:        Call cond_resched_lock() once per hash bucket scan.    patches. fixes/ocfs2-1.2-svn-r3006. diff: [PATCH] ocfs2_dlm:        Silence compiler warnings.    patches. fixes/ocfs2-1.2-svn-r3062. diff: [PATCH] ocfs2_dlm:        Fix double increment of migrated lockres' owner count.            patches. fixes/hugetlb-get_user_pages-corruption. patch: hugetlb:        follow_hugetlb_page() for write access (345239).            enable patches. fixes/reiserfs-fault-in-pages. patch (333412)            patches. drivers/usb-update-evdo-driver-ids. patch: USB: update        evdo driver ids. Get the module to build. . .            patches. drivers/usb-add-usb_device_and_interface_info. patch:        USB: add USB_DEVICE_AND_INTERFACE_INFO().  This is needed to        get the HUAWEI devices to work properly, and to get        patches. drivers/usb-update-evdo-driver-ids. patch to build        without errors.            patches. drivers/usb-update-evdo-driver-ids. patch: USB: update        evdo driver ids on request from our IT department (345438).            patches. suse/kdump-dump_after_notifier. patch:        Add dump_after_notifier sysctl (265764).            patches. drivers/libata-sata_nv-disable-ADMA: sata_nv: disable        ADMA by default (346508).            patches. fixes/cpufreq-fix-ondemand-deadlock. patch: Cpufreq fix ondemand        deadlock (337439).    patches. fixes/eliminate-cpufreq_userspace-scaling_setspeed-deadlock. patch:        Eliminate cpufreq_userspace scaling_setspeed deadlock (337439).            patches. xen/15181-dma-tracking. patch: Fix issue preventing Xen KMPs        from building.            patches. drivers/r8169-perform-a-PHY-reset-before. patch:        r8169: perform a PHY reset before any other operation at boot        time (345658).    patches. drivers/r8169-more-alignment-for-the-0x8168: refresh.            patches. fixes/lockd-grant-shutdown: Stop GRANT callback from        crashing if NFS server has been stopped. (292478).        There was a problem with this patch which would cause apparently        random crashes when lockd was in use.  The offending change        has been removed.     patches. fixes/usb_336850. diff: fix missing quirk leading to        a device disconnecting under load (336850).            patches. fixes/cifs-incomplete-recv. patch: fix incorrect session        reconnects (279783).            patches. fixes/megaraid_mbox-dell-cerc-support: Fix so that it        applies properly. I extended the context to 6 lines to help patch        find where to apply the patch (267134).            patches. fixes/md-idle-test: md: improve the is_mddev_idle test        fix (326591). Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020701 - Security update for Linux kernel - SLED10
Severity: &lt;Unspecified&gt;
Fixlet ID: 802070102

Fixlet Description: This kernel update fixes the following security problems:    CVE-2008-0007: Insufficient range checks in certain fault handlers        could be used by local attackers to potentially read or write kernel        memory.     CVE-2008-0001: Incorrect access mode checks could be used by local        attackers to corrupt directory contents and so cause denial of service        attacks or potentially execute code.     CVE-2007-5966: Integer overflow in the hrtimer_start function in        kernel/hrtimer. c in the Linux kernel before 2.6.23.10 allows local        users to execute arbitrary code or cause a denial of service (panic)        via a large relative timeout value. NOTE: some of these details are        obtained from third party information.     CVE-2007-6417: The shmem_getpage function (mm/shmem. c) in Linux kernel        2.6.11 through 2.6.23 does not properly clear allocated memory in some        rare circumstances, which might allow local users to read sensitive        kernel data or cause a denial of service (crash).  Additionally the following bugfixes have been included for all platforms:    patches. suse/bootsplash: Bootsplash for current kernel (none).        patch the patch for Bug 345980.    patches. fixes/megaraid-fixup-driver-version: Megaraid driver        version out of sync (299740).            OCFS2: Updated to version 1.2.8            patches. fixes/ocfs2-1.2-svn-r3070. diff: [PATCH] ocfs2: Remove        overzealous BUG_ON().    patches. fixes/ocfs2-1.2-svn-r3072. diff: [PATCH] ocfs2: fix        rename vs unlink race.    patches. fixes/ocfs2-1.2-svn-r3074. diff: [PATCH] ocfs2: Remove        expensive local alloc bitmap scan code.    patches. fixes/ocfs2-1.2-svn-r3057. diff: [PATCH] ocfs2: Check        for cluster locking in ocfs2_readpage.    patches. fixes/ocfs2-1.2-svn-r2975. diff: ocfs2_dlm: make        functions static.    patches. fixes/ocfs2-1.2-svn-r2976. diff: [PATCH] ocfs2_dlm:        make tot_backoff more descriptive.    patches. fixes/ocfs2-1.2-svn-r3002. diff: [PATCH] ocfs2: Remove        the printing of harmless ERRORS like ECONNRESET, EPIPE. .    patches. fixes/ocfs2-1.2-svn-r3004. diff: [PATCH] ocfs2_dlm:        Call cond_resched_lock() once per hash bucket scan.    patches. fixes/ocfs2-1.2-svn-r3006. diff: [PATCH] ocfs2_dlm:        Silence compiler warnings.    patches. fixes/ocfs2-1.2-svn-r3062. diff: [PATCH] ocfs2_dlm:        Fix double increment of migrated lockres' owner count.            patches. fixes/hugetlb-get_user_pages-corruption. patch: hugetlb:        follow_hugetlb_page() for write access (345239).            enable patches. fixes/reiserfs-fault-in-pages. patch (333412)            patches. drivers/usb-update-evdo-driver-ids. patch: USB: update        evdo driver ids. Get the module to build. . .            patches. drivers/usb-add-usb_device_and_interface_info. patch:        USB: add USB_DEVICE_AND_INTERFACE_INFO().  This is needed to        get the HUAWEI devices to work properly, and to get        patches. drivers/usb-update-evdo-driver-ids. patch to build        without errors.            patches. drivers/usb-update-evdo-driver-ids. patch: USB: update        evdo driver ids on request from our IT department (345438).            patches. suse/kdump-dump_after_notifier. patch:        Add dump_after_notifier sysctl (265764).            patches. drivers/libata-sata_nv-disable-ADMA: sata_nv: disable        ADMA by default (346508).            patches. fixes/cpufreq-fix-ondemand-deadlock. patch: Cpufreq fix ondemand        deadlock (337439).    patches. fixes/eliminate-cpufreq_userspace-scaling_setspeed-deadlock. patch:        Eliminate cpufreq_userspace scaling_setspeed deadlock (337439).            patches. xen/15181-dma-tracking. patch: Fix issue preventing Xen KMPs        from building.            patches. drivers/r8169-perform-a-PHY-reset-before. patch:        r8169: perform a PHY reset before any other operation at boot        time (345658).    patches. drivers/r8169-more-alignment-for-the-0x8168: refresh.            patches. fixes/lockd-grant-shutdown: Stop GRANT callback from        crashing if NFS server has been stopped. (292478).        There was a problem with this patch which would cause apparently        random crashes when lockd was in use.  The offending change        has been removed.     patches. fixes/usb_336850. diff: fix missing quirk leading to        a device disconnecting under load (336850).            patches. fixes/cifs-incomplete-recv. patch: fix incorrect session        reconnects (279783).            patches. fixes/megaraid_mbox-dell-cerc-support: Fix so that it        applies properly. I extended the context to 6 lines to help patch        find where to apply the patch (267134).            patches. fixes/md-idle-test: md: improve the is_mddev_idle test        fix (326591). Everyone using the Linux Kernel on x86 architecture should update. Please see patch page for more detailed information.

***************************************************************
Title: PATCH-B8020701 - Dependencies Needed - SLED10/SLES10
Severity: &lt;Unspecified&gt;
Fixlet ID: 802070103
Fixlet Link: http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html

Fixlet Description: Updated kernel packages are now available for SuSE Linux Enterprise 10. However, this update requires that the package "mkinitrd" be installed and at least version "1.2". This update also requires that the package "perl-Bootloader" be installed and at least version "0.4.16".

***************************************************************
Title: PATCH-B8020701 - Dependency Conflict - SLED10
Severity: &lt;Unspecified&gt;
Fixlet ID: 802070104
Fixlet Link: http://support.novell.com/techcenter/psdb/e1a28e357307ceda78d1b761f138dfcb.html

Fixlet Description: Updated kernel packages are now available for SuSE Linux Enterprise 10. However, these systems currently have the Novell Client for Linux kernel module installed. To continue using the Novell Client kernel module, a manual update of kernel and module will need to be done simultaneously, or module after kernel. If the Novell Client kernel module is not needed, it should be removed before updating the Linux kernel. The Novell Client kernel module is contained in a package named "novfs-kmp-default", "novfs-kmp-bigsmp" or "novfs-kmp-smp". Additionally, any separately packaged kernel module that is installed for the current running kernel will need to be either removed before the kernel is updated, or manually updated simultaneously.