Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

These new kernel packages contain fixes for the security issues
described below :

- a flaw in the ISDN CAPI subsystem that allowed a remote
user to cause a denial of service or potential remote
access. Exploitation would require the attacker to be
able to send arbitrary frames over the ISDN network to
the victim's machine. (CVE-2007-1217, Moderate)

- a flaw in the perfmon subsystem on ia64 platforms that
allowed a local user to cause a denial of service.
(CVE-2006-0558, Moderate)

In addition, the following bugs were addressed :

- a panic after reloading of the LSI Fusion driver.

- a vm performance problem was corrected by balancing
inactive page lists.

- added a nodirplus option to address NFSv3 performance
issues with large directories.

- changed the personality handling to disallow personality
changes of setuid and setgid binaries. This ensures they
keep any randomization and Exec-shield protection.

See also :

http://www.nessus.org/u?445839d7

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60246 ()

Bugtraq ID:

CVE ID: CVE-2006-0558
CVE-2007-1217