Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue :

- It was found that permissions were not checked properly
in the Linux kernel when handling the /proc/[pid]/mem
writing functionality. A local, unprivileged user could
use this flaw to escalate their privileges.
(CVE-2012-0056, Important)

This update fixes the following bugs :

- The 2.6.32-220.2.1.el6 kernel update introduced a bug in
the Linux kernel scheduler, causing a 'WARNING: at
kernel/sched.c:5915 thread_return' message and a call
trace to be logged. This message was harmless, and was
not due to any system malfunctions or adverse behavior.
With this update, the WARN_ON_ONCE() call in the
scheduler that caused this harmless message has been
removed.

- The 2.6.32-220.el6 kernel update introduced a regression
in the way the Linux kernel maps ELF headers for kernel
modules into kernel memory. If a third-party kernel
module is compiled on a Scientific Linux system with a
kernel prior to 2.6.32-220.el6, then loading that module
on a system with 2.6.32-220.el6 kernel would result in
corruption of one byte in the memory reserved for the
module. In some cases, this could prevent the module
from functioning correctly.

- On some SMP systems the tsc may erroneously be marked as
unstable during early system boot or while the system is
under heavy load. A 'Clocksource tsc unstable' message
was logged when this occurred. As a result the system
would switch to the slower access, but higher precision
HPET clock.

The 'tsc=reliable' kernel parameter is supposed to avoid this problem
by indicating that the system has a known good clock, however, the
parameter only affected run time checks. A fix has been put in to
avoid the boot time checks so that the TSC remains as the clock for
the duration of system runtime.

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect.

See also :

http://www.nessus.org/u?c3fac6cb

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61221 ()

Bugtraq ID:

CVE ID: CVE-2012-0056