Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security fixes :

- a NULL pointer dereference flaw was found in the Linux
kernel NFSv4 implementation. Several of the NFSv4 file
locking functions failed to check whether a file had
been opened on the server before performing locking
operations on it. A local, unprivileged user on a system
with an NFSv4 share mounted could possibly use this flaw
to cause a kernel panic (denial of service) or escalate
their privileges. (CVE-2009-3726, Important)

- a flaw was found in the sctp_process_unk_param()
function in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. A remote attacker could
send a specially-crafted SCTP packet to an SCTP
listening port on a target system, causing a kernel
panic (denial of service). (CVE-2010-1173, Important)

- a race condition between finding a keyring by name and
destroying a freed keyring was found in the Linux kernel
key management facility. A local, unprivileged user
could use this flaw to cause a kernel panic (denial of
service) or escalate their privileges. (CVE-2010-1437,
Important)

Red Hat would like to thank Simon Vallet for responsibly reporting
CVE-2009-3726
and Jukka Taimisto and Olli Jarva of Codenomicon Ltd,
Nokia Siemens Networks, and Wind River on behalf of their customer,
for responsibly reporting CVE-2010-1173.

Bug fixes :

- RHBA-2007:0791 introduced a regression in the Journaling
Block Device (JBD). Under certain circumstances,
removing a large file (such as 300 MB or more) did not
result in inactive memory being freed, leading to the
system having a large amount of inactive memory. Now,
the memory is correctly freed. (BZ#589155)

- the timer_interrupt() routine did not scale lost real
ticks to logical ticks correctly, possibly causing time
drift for 64-bit Scientific Linux 4 KVM (Kernel-based
Virtual Machine) guests that were booted with the
'divider=x' kernel parameter set to a value greater than
1. 'warning: many lost ticks' messages may have been
logged on the affected guest systems. (BZ#590551)

- a bug could have prevented NFSv3 clients from having the
most up-to-date file attributes for files on a given
NFSv3 file system. In cases where a file type changed,
such as if a file was removed and replaced with a
directory of the same name, the NFSv3 client may not
have noticed this change until stat(2) was called (for
example, by running 'ls -l'). (BZ#596372)

- RHBA-2007:0791 introduced bugs in the Linux kernel PCI-X
subsystem. These could have caused a system deadlock on
some systems where the BIOS set the default Maximum
Memory Read Byte Count (MMRBC) to 4096, and that also
use the Intel PRO/1000 Linux driver, e1000. Errors such
as 'e1000: eth[x]: e1000_clean_tx_irq: Detected Tx Unit
Hang' were logged. (BZ#596374)

- an out of memory condition in a KVM guest, using the
virtio-net network driver and also under heavy network
stress, could have resulted in that guest being unable
to receive network traffic. Users had to manually remove
and re-add the virtio_net module and restart the network
service before networking worked as expected. Such
memory conditions no longer prevent KVM guests receiving
network traffic. (BZ#597310)

- when an SFQ qdisc that limited the queue size to two
packets was added to a network interface, sending
traffic through that interface resulted in a kernel
crash. Such a qdisc no longer results in a kernel crash.
(BZ#597312)

- when an NFS client opened a file with the O_TRUNC flag
set, it received a valid stateid, but did not use that
stateid to perform the SETATTR call. Such cases were
rejected by Red Hat Enterprise Linux 4 NFS servers with
an 'NFS4ERR_BAD_STATEID' error, possibly preventing some
NFS clients from writing files to an NFS file system.
(BZ#597314)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?d349837d
https://bugzilla.redhat.com/show_bug.cgi?id=589155
https://bugzilla.redhat.com/show_bug.cgi?id=590551
https://bugzilla.redhat.com/show_bug.cgi?id=596372
https://bugzilla.redhat.com/show_bug.cgi?id=596374
https://bugzilla.redhat.com/show_bug.cgi?id=597310
https://bugzilla.redhat.com/show_bug.cgi?id=597312
https://bugzilla.redhat.com/show_bug.cgi?id=597314

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60802 ()

Bugtraq ID:

CVE ID: CVE-2009-3726
CVE-2010-1173
CVE-2010-1437