local privilege escalation in kernel

The Linux kernel is the core component of the Linux system. This update fixes various security as well as non-security problems discovered since the last round of kernel updates. Not all kernels are affected by all the problems, each of the problems has an affected note attached to it. The CAN-YYYY-NNNN IDs are Mitre CVE Candidate IDs, please see http://www.mitre.org for more information. The following security problems have been fixed: - when creating directories on ext2 filesystems the kernel did not zero initialize the memory allocated. Therefore potentially sensitive information could be exposed to users (CAN-2005-0400). All SUSE LINUX based products are affected. - local users can crash the kernel via a crafted ELF library or executable, which causes a free of an invalid pointer (CAN-2005-0749). All SUSE LINUX based products are affected. - local users could gain root access via a bluetooth socket (CAN-2005-0750). The fix for this problem was missing in SUSE LINUX 9.3 only. - local users could gain root access by causing a core dump of specially crafted ELF executables (CAN-2005-1263). The problem is believed to be not exploitable on any SUSE LINUX based product. The patch is included nevertheless. - on the x86-64 platform various bugs allowed local users to crash the kernel or CPU (CAN-2005-0756, CAN-2005-1762, CAN-2005-1764, CAN-2005-1765) All SUSE LINUX based products on the x86-64 architecture are affected. - an overflow in the x86-64 ptrace code allowed local users to write a few bytes into kernel memory pages they normally shouldn’t have access to (CAN-2005-1763). SLES 9 and SUSE LINUX 9.1-9.3 on the x86-64 architecture are affected. - insufficient checks in the 32bit DRM ioctl functions could allow unprivileged local users to gain root access. SLES 9 and SUSE LINUX 9.1-9.3 on the x86-64 architecture are affected.

Solution

Please install the update packages.