Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security fixes :

- Kernel update 2.6.9-89.EL introduced a flaw in the
ptrace implementation on Itanium systems.
ptrace_check_attach() was not called during certain
ptrace() requests. Under certain circumstances, a local,
unprivileged user could use this flaw to call ptrace()
on a process they do not own, giving them control over
that process. (CVE-2010-0729, Important)

- a flaw was found in the kernel's Unidirectional
Lightweight Encapsulation (ULE) implementation. A remote
attacker could send a specially-crafted ISO MPEG-2
Transport Stream (TS) frame to a target system,
resulting in a denial of service. (CVE-2010-1086,
Important)

- a use-after-free flaw was found in
tcp_rcv_state_process() in the kernel's TCP/IP protocol
suite implementation. If a system using IPv6 had the
IPV6_RECVPKTINFO option set on a listening socket, a
remote attacker could send an IPv6 packet to that
system, causing a kernel panic. (CVE-2010-1188,
Important)

- a divide-by-zero flaw was found in azx_position_ok() in
the Intel High Definition Audio driver, snd-hda-intel. A
local, unprivileged user could trigger this flaw to
cause a denial of service. (CVE-2010-1085, Moderate)

- an information leak flaw was found in the kernel's USB
implementation. Certain USB errors could result in an
uninitialized kernel buffer being sent to user-space. An
attacker with physical access to a target system could
use this flaw to cause an information leak.
(CVE-2010-1083, Low)

Bug fixes :

- a regression prevented the Broadcom BCM5761 network
device from working when in the first (top) PCI-E slot
of Hewlett-Packard (HP) Z600 systems. Note: The card
worked in the 2nd or 3rd PCI-E slot. (BZ#567205)

- the Xen hypervisor supports 168 GB of RAM for 32-bit
guests. The physical address range was set incorrectly,
however, causing 32-bit, para-virtualized Scientific
Linux 4.8 guests to crash when launched on AMD64 or
Intel 64 hosts that have more than 64 GB of RAM.
(BZ#574392)

- Kernel update 2.6.9-89.EL introduced a regression,
causing diskdump to fail on systems with certain
adapters using the qla2xxx driver. (BZ#577234)

- a race condition caused TX to stop in a guest using the
virtio_net driver. (BZ#580089)

- on some systems, using the 'arp_validate=3' bonding
option caused both links to show as 'down' even though
the arp_target was responding to ARP requests sent by
the bonding driver. (BZ#580842)

- in some circumstances, when a Scientific Linux client
connected to a re-booted Windows-based NFS server,
server-side filehandle-to-inode mapping changes caused a
kernel panic. 'bad_inode_ops' handling was changed to
prevent this. Note: filehandle-to-inode mapping changes
may still cause errors, but not panics. (BZ#582908)

- when installing a Scientific Linux 4 guest via PXE,
hard-coded fixed-size scatterlists could conflict with
host requests, causing the guest's kernel to panic. With
this update, dynamically allocated scatterlists are
used, resolving this issue. (BZ#582911)

Enhancements :

- kernel support for connlimit. Note: iptables errata
update RHBA-2010:0395 is also required for connlimit to
work correctly. (BZ#563223)

- support for the Intel architectural performance
monitoring subsystem (arch_perfmon). On supported CPUs,
arch_perfmon offers means to mark performance events and
options for configuring and counting these events.
(BZ#582913)

- kernel support for OProfile sampling of Intel
microarchitecture (Nehalem) CPUs. This update alone does
not address OProfile support for such CPUs. A future
oprofile package update will allow OProfile to work on
Intel Nehalem CPUs. (BZ#582241)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?d8ee1882
https://bugzilla.redhat.com/show_bug.cgi?id=563223
https://bugzilla.redhat.com/show_bug.cgi?id=567205
https://bugzilla.redhat.com/show_bug.cgi?id=574392
https://bugzilla.redhat.com/show_bug.cgi?id=577234
https://bugzilla.redhat.com/show_bug.cgi?id=580089
https://bugzilla.redhat.com/show_bug.cgi?id=580842
https://bugzilla.redhat.com/show_bug.cgi?id=582241
https://bugzilla.redhat.com/show_bug.cgi?id=582908
https://bugzilla.redhat.com/show_bug.cgi?id=582911
https://bugzilla.redhat.com/show_bug.cgi?id=582913

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60787 ()

Bugtraq ID:

CVE ID: CVE-2010-0729
CVE-2010-1083
CVE-2010-1085
CVE-2010-1086
CVE-2010-1188