Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- Olaf Kirch reported a flaw in the i915 kernel driver
that only affects the Intel G33 series and newer. This
flaw could, potentially, lead to local privilege
escalation. (CVE-2008-3831, Important)

- Miklos Szeredi reported a missing check for files opened
with O_APPEND in sys_splice(). This could allow a
local, unprivileged user to bypass the append-only file
restrictions. (CVE-2008-4554, Important)

- A deficiency was found in the Linux kernel Stream
Control Transmission Protocol (SCTP) implementation.
This could lead to a possible denial of service if one
end of an SCTP connection did not support the AUTH
extension. (CVE-2008-4576, Important)

In addition, these updated packages fix the following bugs :

- on Itanium® systems, when a multithreaded program
was traced using the command 'strace -f', messages
similar to the following ones were displayed, after
which the trace would stop :

PANIC: attached pid 10740 exited
PANIC: handle_group_exit: 10740 leader 10721
PANIC: attached pid 10739 exited
PANIC: handle_group_exit: 10739 leader 10721
...

In these updated packages, tracing a multithreaded program using the
'strace -f' command no longer results in these error messages, and
strace terminates normally after tracing all threads.

- on big-endian systems such as PowerPC, the getsockopt()
function incorrectly returned 0 depending on the
parameters passed to it when the time to live (TTL)
value equaled 255.

- when using an NFSv4 file system, accessing the same file
with two separate processes simultaneously resulted in
the NFS client process becoming unresponsive.

- on AMD64 and Intel® 64 hypervisor-enabled systems,
in cases in which a syscall correctly returned '-1' in
code compiled on Red Hat Enterprise Linux 5, the same
code, when run with the strace utility, would
incorrectly return an invalid return value. This has
been fixed so that on AMD64 and Intel® 64
hypervisor-enabled systems, syscalls in compiled code
return the same, correct values as syscalls do when run
with strace.

- on the Itanium® architecture, fully-virtualized
guest domains which were created using more than 64 GB
of memory caused other guest domains not to receive
interrupts, which caused a soft lockup on other guests.
All guest domains are now able to receive interrupts
regardless of their allotted memory.

- when user-space used SIGIO notification, which wasn't
disabled before closing a file descriptor, and was then
re-enabled in a different process, an attempt by the
kernel to dereference a stale pointer led to a kernel
crash. With this fix, such a situation no longer causes
a kernel crash.

- modifications to certain pages made through a
memory-mapped region could have been lost in cases when
the NFS client needed to invalidate the page cache for
that particular memory-mapped file.

- fully-virtualized Windows guests became unresponsive due
to the vIOSAPIC component being multiprocessor-unsafe.
With this fix, vIOSAPIC is multiprocessor-safe and
Windows guests do not become unresponsive.

- on certain systems, keyboard controllers were not able
to withstand a continuous flow of requests to switch
keyboard LEDs on or off, which resulted in some or all
key presses not being registered by the system.

- on the Itanium® architecture, setting the
'vm.nr_hugepages' sysctl parameter caused a kernel stack
overflow resulting in a kernel panic, and possibly stack
corruption. With this fix, setting vm.nr_hugepages works
correctly.

- hugepages allow the Linux kernel to utilize the multiple
page size capabilities of modern hardware architectures.
In certain configurations, systems with large amounts of
memory could fail to allocate most of the memory for
hugepages even if it was free, which could have
resulted, for example, in database restart failures.

See also :

http://www.nessus.org/u?67b2dac3

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60508

Bugtraq ID:

CVE ID: CVE-2008-3831
CVE-2008-4554
CVE-2008-4576