Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

This update fixes the following security issues :

- Information leak flaws were found in the Linux kernel
Traffic Control Unit implementation. A local attacker
could use these flaws to cause the kernel to leak kernel
memory to user-space, possibly leading to the disclosure
of sensitive information. (CVE-2010-2942, Moderate)

- A flaw was found in the tcf_act_police_dump() function
in the Linux kernel network traffic policing
implementation. A data structure in
tcf_act_police_dump() was not initialized properly
before being copied to user-space. A local, unprivileged
user could use this flaw to cause an information leak.
(CVE-2010-3477, Moderate)

- A missing upper bound integer check was found in the
sys_io_submit() function in the Linux kernel
asynchronous I/O implementation. A local, unprivileged
user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

This update also fixes the following bugs :

- When two systems using bonding devices in the adaptive
load balancing (ALB) mode communicated with each other,
an endless loop of ARP replies started between these two
systems due to a faulty MAC address update. With this
update, the MAC address update no longer creates
unneeded ARP replies. (BZ#629239)

- When running the Connectathon NFS Testsuite with certain
clients and Scientific Linux 4.8 as the server,
nfsvers4, lock, and test2 failed the Connectathon test.
(BZ#625535)

- For UDP/UNIX domain sockets, due to insufficient memory
barriers in the network code, a process sleeping in
select() may have missed notifications about new data.
In rare cases, this bug may have caused a process to
sleep forever. (BZ#640117)

- In certain situations, a bug found in either the HTB or
TBF network packet schedulers in the Linux kernel could
have caused a kernel panic when using Broadcom network
cards with the bnx2 driver. (BZ#624363)

- Previously, allocating fallback cqr for DASD
reserve/release IOCTLs failed because it used the memory
pool of the respective device. This update preallocates
sufficient memory for a single reserve/release request.
(BZ#626828)

- In some situations, a bug prevented 'force online' from
succeeding for a DASD device. (BZ#626827)

- Using the 'fsstress' utility may have caused a kernel
panic. (BZ#633968)

- This update introduces additional stack guard patches.
(BZ#632515)

- A bug was found in the way the megaraid_sas driver
handled physical disks and management IOCTLs. All
physical disks were exported to the disk layer, allowing
an oops in megasas_complete_cmd_dpc() when completing
the IOCTL command if a timeout occurred. (BZ#631903)

- Previously, a warning message was returned when a large
number of messages was passed through netconsole and a
considerable amount of network load was added. With this
update, the warning message is no longer displayed.
(BZ#637729)

- Executing a large 'dd' command (1 to 5GB) on an iSCSI
device with the qla3xxx driver caused a system crash due
to the incorrect storing of a private data structure.
With this update, the size of the stored data structure
is checked and the system crashes no longer occur.
(BZ#624364)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?c905f6f2
https://bugzilla.redhat.com/show_bug.cgi?id=624363
https://bugzilla.redhat.com/show_bug.cgi?id=624364
https://bugzilla.redhat.com/show_bug.cgi?id=625535
https://bugzilla.redhat.com/show_bug.cgi?id=626827
https://bugzilla.redhat.com/show_bug.cgi?id=626828
https://bugzilla.redhat.com/show_bug.cgi?id=629239
https://bugzilla.redhat.com/show_bug.cgi?id=631903
https://bugzilla.redhat.com/show_bug.cgi?id=632515
https://bugzilla.redhat.com/show_bug.cgi?id=633968
https://bugzilla.redhat.com/show_bug.cgi?id=637729
https://bugzilla.redhat.com/show_bug.cgi?id=640117

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60871

Bugtraq ID:

CVE ID: CVE-2010-2942
CVE-2010-3067
CVE-2010-3477