Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security fixes :

- A flaw in sctp_packet_config() in the Linux kernel's
Stream Control Transmission Protocol (SCTP)
implementation could allow a remote attacker to cause a
denial of service. (CVE-2010-3432, Important)

- A missing integer overflow check in snd_ctl_new() in the
Linux kernel's sound subsystem could allow a local,
unprivileged user on a 32-bit system to cause a denial
of service or escalate their privileges. (CVE-2010-3442,
Important)

Bug fixes :

- Forward time drift was observed on virtual machines
using PM timer-based kernel tick accounting and running
on KVM or the Microsoft Hyper-V Server hypervisor.
Virtual machines that were booted with the divider=x
kernel parameter set to a value greater than 1 and that
showed the following in the kernel boot messages were
subject to this issue :

time.c: Using PM based timekeeping

Fine grained accounting for the PM timer is introduced which
eliminates this issue. However, this fix uncovered a bug in the Xen
hypervisor, possibly causing backward time drift. If this erratum is
installed in Xen HVM guests that meet the aforementioned conditions,
it is recommended that the host use kernel-xen-2.6.18-194.26.1.el5 or
newer, which includes a fix (BZ#641915) for the backward time drift.
(BZ#629237)

- With multipath enabled, systems would occasionally halt
when the do_cciss_request function was used. This was
caused by wrongly-generated requests. Additional checks
have been added to avoid the aforementioned issue.
(BZ#640193)

- A Sun X4200 system equipped with a QLogic HBA
spontaneously rebooted and logged a Hyper-Transport Sync
Flood Error to the system event log. A Maximum Memory
Read Byte Count restriction was added to fix this bug.
(BZ#640919)

- For an active/backup bonding network interface with
VLANs on top of it, when a link failed over, it took a
minute for the multicast domain to be rejoined. This was
caused by the driver not sending any IGMP join packets.
The driver now sends IGMP join packets and the multicast
domain is rejoined immediately. (BZ#641002)

- Replacing a disk and trying to rebuild it afterwards
caused the system to panic. When a domain validation
request for a hot plugged drive was sent, the mptscsi
driver did not validate its existence. This could result
in the driver accessing random memory and causing the
crash. A check has been added that describes the
newly-added device and reloads the iocPg3 data from the
firmware if needed. (BZ#641137)

- An attempt to create a VLAN interface on a bond of two
bnx2 adapters in two switch configurations resulted in a
soft lockup after a few seconds. This was caused by an
incorrect use of a bonding pointer. With this update,
soft lockups no longer occur and creating a VLAN
interface works as expected. (BZ#641254)

- Erroneous pointer checks could have caused a kernel
panic. This was due to a critical value not being copied
when a network buffer was duplicated and consumed by
multiple portions of the kernel's network stack. Fixing
the copy operation resolved this bug. (BZ#642746)

- A typo in a variable name caused it to be dereferenced
in either mkdir() or create() which could cause a kernel
panic. (BZ#643342)

- SCSI high level drivers can submit SCSI commands which
would never be completed when the device was offline.
This was caused by a missing callback for the request to
complete the given command. SCSI requests are now
terminated by calling their callback when a device is
offline. (BZ#644816)

- A kernel panic could have occurred on systems due to a
recursive lock in the 3c59x driver. Recursion is now
avoided and this kernel panic no longer occurs.
(BZ#648407)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?76ee41d8
https://bugzilla.redhat.com/show_bug.cgi?id=629237
https://bugzilla.redhat.com/show_bug.cgi?id=640193
https://bugzilla.redhat.com/show_bug.cgi?id=640919
https://bugzilla.redhat.com/show_bug.cgi?id=641002
https://bugzilla.redhat.com/show_bug.cgi?id=641137
https://bugzilla.redhat.com/show_bug.cgi?id=641254
https://bugzilla.redhat.com/show_bug.cgi?id=641915
https://bugzilla.redhat.com/show_bug.cgi?id=642746
https://bugzilla.redhat.com/show_bug.cgi?id=643342
https://bugzilla.redhat.com/show_bug.cgi?id=644816
https://bugzilla.redhat.com/show_bug.cgi?id=648407

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60912 ()

Bugtraq ID:

CVE ID: CVE-2010-3432
CVE-2010-3442