Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

This update fixes the following security issues :

- A flaw was found in sctp_packet_config() in the Linux
kernel's Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could use this flaw to
cause a denial of service. (CVE-2010-3432, Important)

- A missing integer overflow check was found in
snd_ctl_new() in the Linux kernel's sound subsystem. A
local, unprivileged user on a 32-bit system could use
this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-3442, Important)

- A heap overflow flaw in the Linux kernel's Transparent
Inter-Process Communication protocol (TIPC)
implementation could allow a local, unprivileged user to
escalate their privileges. (CVE-2010-3859, Important)

- An integer overflow flaw was found in the Linux kernel's
Reliable Datagram Sockets (RDS) protocol implementation.
A local, unprivileged user could use this flaw to cause
a denial of service or escalate their privileges.
(CVE-2010-3865, Important)

- A flaw was found in the Xenbus code for the unified
block-device I/O interface back end. A privileged guest
user could use this flaw to cause a denial of service on
the host system running the Xen hypervisor.
(CVE-2010-3699, Moderate)

- Missing sanity checks were found in setup_arg_pages() in
the Linux kernel. When making the size of the argument
and environment area on the stack very large, it could
trigger a BUG_ON(), resulting in a local denial of
service. (CVE-2010-3858, Moderate)

- A flaw was found in inet_csk_diag_dump() in the Linux
kernel's module for monitoring the sockets of INET
transport protocols. By sending a netlink message with
certain bytecode, a local, unprivileged user could cause
a denial of service. (CVE-2010-3880, Moderate)

- Missing sanity checks were found in gdth_ioctl_alloc()
in the gdth driver in the Linux kernel. A local user
with access to '/dev/gdth' on a 64-bit system could use
this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-4157, Moderate)

- The fix put into kernel-2.6.18-164.el5 introduced a
regression. A local, unprivileged user could use this
flaw to cause a denial of service. (CVE-2010-4161,
Moderate)

- A NULL pointer dereference flaw was found in the
Bluetooth HCI UART driver in the Linux kernel. A local,
unprivileged user could use this flaw to cause a denial
of service. (CVE-2010-4242, Moderate)

- It was found that a malicious guest running on the Xen
hypervisor could place invalid data in the memory that
the guest shared with the blkback and blktap back-end
drivers, resulting in a denial of service on the host
system. (CVE-2010-4247, Moderate)

- A flaw was found in the Linux kernel's CPU time clocks
implementation for the POSIX clock interface. A local,
unprivileged user could use this flaw to cause a denial
of service. (CVE-2010-4248, Moderate)

- Missing initialization flaws in the Linux kernel could
lead to information leaks. (CVE-2010-3876,
CVE-2010-4083, Low)

This update also fixes several bugs and adds an enhancement.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?11870ede

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)