Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes :

- The maximum file offset handling for ext4 file systems
could allow a local, unprivileged user to cause a denial
of service. (CVE-2011-2695, Important)

- IPv6 fragment identification value generation could
allow a remote attacker to disrupt a target system's
networking, preventing legitimate users from accessing
its services. (CVE-2011-2699, Important)

- A malicious CIFS (Common Internet File System) server
could send a specially-crafted response to a directory
read request that would result in a denial of service or
privilege escalation on a system that has a CIFS share
mounted. (CVE-2011-3191, Important)

- A local attacker could use mount.ecryptfs_private to
mount (and then access) a directory they would otherwise
not have access to. Note: To correct this issue, an
ecryptfs-utils update must also be installed.
(CVE-2011-1833, Moderate)

- A flaw in the taskstats subsystem could allow a local,
unprivileged user to cause excessive CPU time and memory
use. (CVE-2011-2484, Moderate)

- Mapping expansion handling could allow a local,
unprivileged user to cause a denial of service.
(CVE-2011-2496, Moderate)

- GRO (Generic Receive Offload) fields could be left in an
inconsistent state. An attacker on the local network
could use this flaw to cause a denial of service. GRO is
enabled by default in all network drivers that support
it. (CVE-2011-2723, Moderate)

- A previous update introduced a regression in the
Ethernet bridge implementation. If a system had an
interface in a bridge, and an attacker on the local
network could send packets to that interface, they could
cause a denial of service on that system. Xen hypervisor
and KVM (Kernel-based Virtual Machine) hosts often
deploy bridge interfaces. (CVE-2011-2942, Moderate)

- A flaw in the Xen hypervisor IOMMU error handling
implementation could allow a privileged guest user,
within a guest operating system that has direct control
of a PCI device, to cause performance degradation on the
host and possibly cause it to hang. (CVE-2011-3131,
Moderate)

- IPv4 and IPv6 protocol sequence number and fragment ID
generation could allow a man-in-the-middle attacker to
inject packets and possibly hijack connections. Protocol
sequence numbers and fragment IDs are now more random.
(CVE-2011-3188, Moderate)

- A flaw in the kernel's clock implementation could allow
a local, unprivileged user to cause a denial of service.
(CVE-2011-3209, Moderate)

- Non-member VLAN (virtual LAN) packet handling for
interfaces in promiscuous mode and also using the be2net
driver could allow an attacker on the local network to
cause a denial of service. (CVE-2011-3347, Moderate)

- A flaw in the auerswald USB driver could allow a local,
unprivileged user to cause a denial of service or
escalate their privileges by inserting a
specially-crafted USB device. (CVE-2009-4067, Low)

- A flaw in the Trusted Platform Module (TPM)
implementation could allow a local, unprivileged user to
leak information to user space. (CVE-2011-1160, Low)

- A local, unprivileged user could possibly mount a CIFS
share that requires authentication without knowing the
correct password if the mount was already mounted by
another local user. (CVE-2011-1585, Low)

See also :

http://www.nessus.org/u?eeedc209

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)