Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

These updated packages fix the following security issue :

- a possible kernel memory leak was found in the Linux
kernel Simple Internet Transition (SIT) INET6
implementation. This could allow a local unprivileged
user to cause a denial of service. (CVE-2008-2136,
Important)

As well, these updated packages fix the following bugs :

- a possible kernel hang on hugemem systems, due to a bug
in NFS, which may have caused systems to become
unresponsive, has been resolved.

- an inappropriate exit condition occurred in the
architecture-specific 'mmap()' realization, which fell
into an infinite loop under certain conditions. On
64-bit systems, this issue may have manifested itself to
users as a soft lockup, or process hangs.

- due to a bug in hardware initialization in the
'ohci_hcd' kernel module, the kernel may have failed
with a NULL pointer dereference. On 64-bit PowerPC
systems, this may have caused booting to fail, and drop
to xmon. On other platforms, a kernel oops occurred.

- due to insufficient locks in task termination code, a
panic may have occurred in the 'sys_times()' system call
on SMP machines.

See also :

http://www.nessus.org/u?7e713a22

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60448

Bugtraq ID:

CVE ID: CVE-2008-2136