Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

- An integer overflow flaw in ib_uverbs_poll_cq() could
allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2010-4649,
Important)

- A race condition in the way new InfiniBand connections
were set up could allow a remote user to cause a denial
of service. (CVE-2011-0695, Important)

- A flaw in the Stream Control Transmission Protocol
(SCTP) implementation could allow a remote attacker to
cause a denial of service if the sysctl
'net.sctp.addip_enable' variable was turned on (it is
off by default). (CVE-2011-1573, Important)

- Flaws in the AGPGART driver implementation when handling
certain IOCTL commands could allow a local, unprivileged
user to cause a denial of service or escalate their
privileges. (CVE-2011-1745, CVE-2011-2022, Important)

- An integer overflow flaw in agp_allocate_memory() could
allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2011-1746,
Important)

- A flaw allowed napi_reuse_skb() to be called on VLAN
(virtual LAN) packets. An attacker on the local network
could trigger this flaw by sending specially-crafted
packets to a target system, possibly causing a denial of
service. (CVE-2011-1576, Moderate)

- An integer signedness error in next_pidmap() could allow
a local, unprivileged user to cause a denial of service.
(CVE-2011-1593, Moderate)

- A flaw in the way the Xen hypervisor implementation
handled CPUID instruction emulation during virtual
machine exits could allow an unprivileged guest user to
crash a guest. This only affects systems that have an
Intel x86 processor with the Intel VT-x extension
enabled. (CVE-2011-1936, Moderate)

- A flaw in inet_diag_bc_audit() could allow a local,
unprivileged user to cause a denial of service (infinite
loop). (CVE-2011-2213, Moderate)

- A missing initialization flaw in the XFS file system
implementation could lead to an information leak.
(CVE-2011-0711, Low)

- A flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause an information leak.
(CVE-2011-1044, Low)

- A missing validation check was found in the signals
implementation. A local, unprivileged user could use
this flaw to send signals via the sigqueueinfo system
call, with the si_code set to SI_TKILL and with spoofed
process and user IDs, to other processes. Note: This
flaw does not allow existing permission checks to be
bypassed; signals can only be sent if your privileges
allow you to already do so. (CVE-2011-1182, Low)

- A heap overflow flaw in the EFI GUID Partition Table
(GPT) implementation could allow a local attacker to
cause a denial of service by mounting a disk containing
specially-crafted partition tables. (CVE-2011-1776, Low)

- Structure padding in two structures in the Bluetooth
implementation was not initialized properly before being
copied to user-space, possibly allowing local,
unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)

This update fixes several bugs.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?c3c2d1ce

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)