Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

This update addresses the following security issues :

- the sendmsg() function in the Linux kernel did not block
during UNIX socket garbage collection. This could,
potentially, lead to a local denial of service.
(CVE-2008-5300, Important)

- when fput() was called to close a socket, the
__scm_destroy() function in the Linux kernel could make
indirect recursive calls to itself. This could,
potentially, lead to a local denial of service.
(CVE-2008-5029, Important)

- a deficiency was found in the Linux kernel virtual file
system (VFS) implementation. This could allow a local,
unprivileged user to make a series of file creations
within deleted directories, possibly causing a denial of
service. (CVE-2008-3275, Moderate)

- a buffer underflow flaw was found in the Linux kernel
IB700 SBC watchdog timer driver. This deficiency could
lead to a possible information leak. By default, the
'/dev/watchdog' device is accessible only to the root
user. (CVE-2008-5702, Low)

- the hfs and hfsplus file systems code failed to properly
handle corrupted data structures. This could,
potentially, lead to a local denial of service.
(CVE-2008-4933, CVE-2008-5025, Low)

- a flaw was found in the hfsplus file system
implementation. This could, potentially, lead to a local
denial of service when write operations were performed.
(CVE-2008-4934, Low)

This update also fixes the following bugs :

- when running Red Hat Enterprise Linux 4.6 and 4.7 on
some systems running Intel® CPUs, the cpuspeed
daemon did not run, preventing the CPU speed from being
changed, such as not being reduced to an idle state when
not in use.

- mmap() could be used to gain access beyond the first
megabyte of RAM, due to insufficient checks in the Linux
kernel code. Checks have been added to prevent this.

- attempting to turn keyboard LEDs on and off rapidly on
keyboards with slow keyboard controllers may have
caused key presses to fail.

- after migrating a hypervisor guest, the MAC address
table was not updated, causing packet loss and
preventing network connections to the guest. Now, a
gratuitous ARP request is sent after migration. This
refreshes the ARP caches, minimizing network downtime.

- writing crash dumps with diskdump may have caused a
kernel panic on Non-Uniform Memory Access (NUMA) systems
with certain memory configurations.

- on big-endian systems, such as PowerPC, the getsockopt()
function incorrectly returned 0 depending on the
parameters passed to it when the time to live (TTL)
value equaled 255, possibly causing memory corruption
and application crashes.

- a problem in the kernel packages provided by the
RHSA-2008:0508 advisory caused the Linux kernel's
built-in memory copy procedure to return the wrong error
code after recovering from a page fault on AMD64 and
Intel 64 systems. This may have caused other Linux
kernel functions to return wrong error codes.

- a divide-by-zero bug in the Linux kernel process
scheduler, which may have caused kernel panics on
certain systems, has been resolved.

- the netconsole kernel module caused the Linux kernel to
hang when slave interfaces of bonded network interfaces
were started, resulting in a system hang or kernel panic
when restarting the network.

- the '/proc/xen/' directory existed even if systems were
not running Red Hat Virtualization. This may have caused
problems for third-party software that checks
virtualization-ability based on the existence of
'/proc/xen/'. Note: this update will remove the
'/proc/xen/' directory on systems not running Red Hat
Virtualization.

This updated kernel-utils package adds proper support for
user-space frequency scaling on multi-core systems.

See also :

http://www.nessus.org/u?72598625

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60520

CVE ID: CVE-2008-3275
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5029
CVE-2008-5300
CVE-2008-5702