They just posted to Bugtraq today:
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: Linux Kernel
Announcement-ID: SuSE-SA:2003:049
Date: Thursday, December 4th 2003 15:30 MET
Affected products: 7.3, 8.0, 8.1, 8.2, 9.0
SuSE Linux Enterprise Server 7,
SuSE Linux Database Server,
SuSE eMail Server III, 3.1
SuSE Linux Firewall on CD/Admin host
SuSE Linux Office Server
SuSE Linux Desktop 1.0
SuSE Linux School Server
Vulnerability Type: local root exploit
Severity (1-10): 8
SUSE default package: yes
Cross References: CAN-2003-0961
Content of this advisory:
1) security vulnerability resolved:
- Linux kernel brk() integer overflow
problem description, discussion, solution and upgrade
information
2) pending vulnerabilities, solutions, workarounds:
- KDE
- mc
- apache1/2
- freeradius
- screen
- mod_gzip
- unace
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade
information
This security update fixes a serious vulnerability in the Linux
kernel. A missing bounds check in the brk() system call allowed
processes to request memory beyond the maximum size allowed for
tasks,
causing kernel memory to be mapped into the process' address
space.
This allowed local attackers to obtain super user privileges.
An exploit for this vulnerability is circulating in the wild, and
has been used to compromise OpenSource development servers.
There is no temporary workaround for this bug.
This update also fixes several other security issues in the
kernel
- race condition with files opened via O_DIRECT which could
be exploited to read disk blocks randomly. This could include
blocks of previously deleted files with sensitive content.
- don't allow users to send signals to kmod
- when reading the RTC, don't leak kernel stack data to user
space
SPECIAL INSTALL INSTRUCTIONS:
==============================
The following paragraphs will guide you through the installation
process in a step-by-step fashion. The character sequence
"****"
marks the beginning of a new paragraph. In some cases, you decide
if the paragraph is needed for you or not. Please read through all
of the steps down to the end. All of the commands that need to be
executed are required to be run as the superuser (root). Each step
relies on the steps before to complete successfully.
**** Step 1: Determine the needed kernel type
Please use the following command to find the kernel type that is
installed on your system:
rpm -qf /boot/vmlinuz
The following options are possible (disregarding the version and
build
number following the name, separated by the "-"
character):
k_deflt # default kernel, good for most systems.
k_i386 # kernel for older processors and chipsets
k_athlon # kernel made specifically for AMD Athlon(tm) family
processors
k_psmp # kernel for Pentium-I dual processor systems
k_smp # kernel for SMP systems (Pentium-II and above)
**** Step 2: Download the package for your system
Please download the kernel RPM package for your distribution with
the
name starting as indicated by Step 1. The list of all kernel rpm
packages is appended below. Note: The kernel-source package does
not
contain any binary kernel in bootable form. Instead, it contains
the
sources that the binary kernel rpm packages are made from. It can
be
used by administrators who have decided to build their own kernel.
Since the kernel-source.rpm is an installable (compiled) package
that
contains sources for the linux kernel, it is not the source RPM
for
the kernel RPM binary packages.
The kernel RPM binary packages for the distributions can be found
at these
locations below
ftp://ftp.suse.com/pub/suse/i386/update/.
