Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

Security fixes :

- a NULL pointer dereference flaw was found in the Linux
kernel NFSv4 implementation. Several of the NFSv4 file
locking functions failed to check whether a file had
been opened on the server before performing locking
operations on it. A local, unprivileged user on a system
with an NFSv4 share mounted could possibly use this flaw
to cause a kernel panic (denial of service) or escalate
their privileges. (CVE-2009-3726, Important)

- a flaw was found in the sctp_process_unk_param()
function in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. A remote attacker could
send a specially crafted SCTP packet to an SCTP
listening port on a target system, causing a kernel
panic (denial of service). (CVE-2010-1173, Important)

- a race condition between finding a keyring by name and
destroying a freed keyring was found in the Linux kernel
key management facility. A local, unprivileged user
could use this flaw to cause a kernel panic (denial of
service) or escalate their privileges. (CVE-2010-1437,

Red Hat would like to thank Simon Vallet for responsibly reporting
and Jukka Taimisto and Olli Jarva of Codenomicon Ltd,
Nokia Siemens Networks, and Wind River on behalf of their customer,
for responsibly reporting CVE-2010-1173.

Bug fixes :

- RHBA-2007:0791 introduced a regression in the Journaling
Block Device (JBD). Under certain circumstances,
removing a large file (such as 300 MB or more) did not
result in inactive memory being freed, leading to the
system having a large amount of inactive memory. Now,
the memory is correctly freed. (BZ#589155)

- the timer_interrupt() routine did not scale lost real
ticks to logical ticks correctly, possibly causing time
drift for 64-bit Scientific Linux 4 KVM (Kernel-based
Virtual Machine) guests that were booted with the
'divider=x' kernel parameter set to a value greater than
1. 'warning: many lost ticks' messages may have been
logged on the affected guest systems. (BZ#590551)

- a bug could have prevented NFSv3 clients from having the
most up-to-date file attributes for files on a given
NFSv3 file system. In cases where a file type changed,
such as if a file was removed and replaced with a
directory of the same name, the NFSv3 client may not
have noticed this change until stat(2) was called (for
example, by running 'ls -l'). (BZ#596372)

- RHBA-2007:0791 introduced bugs in the Linux kernel PCI-X
subsystem. These could have caused a system deadlock on
some systems where the BIOS set the default Maximum
Memory Read Byte Count (MMRBC) to 4096, and that also
use the Intel PRO/1000 Linux driver, e1000. Errors such
as 'e1000: eth[x]: e1000_clean_tx_irq: Detected Tx Unit
Hang' were logged. (BZ#596374)

- an out of memory condition in a KVM guest, using the
virtio-net network driver and also under heavy network
stress, could have resulted in that guest being unable
to receive network traffic. Users had to manually remove
and re-add the virtio_net module and restart the network
service before networking worked as expected. Such
memory conditions no longer prevent KVM guests receiving
network traffic. (BZ#597310)

- when an SFQ qdisc that limited the queue size to two
packets was added to a network interface, sending
traffic through that interface resulted in a kernel
crash. Such a qdisc no longer results in a kernel crash.

- when an NFS client opened a file with the O_TRUNC flag
set, it received a valid stateid, but did not use that
stateid to perform the SETATTR call. Such cases were
rejected by Red Hat Enterprise Linux 4 NFS servers with
an 'NFS4ERR_BAD_STATEID' error, possibly preventing some
NFS clients from writing files to an NFS file system.

The system must be rebooted for this update to take effect.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60802

CVE ID: CVE-2009-3726