Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security fixes :

- A race condition in the way asynchronous I/O and
fallocate() interacted when using ext4 could allow a
local, unprivileged user to obtain random data from a
deleted file. (CVE-2012-4508, Important)

- A flaw in the way the Xen hypervisor implementation
range checked guest provided addresses in the
XENMEM_exchange hypercall could allow a malicious,
para-virtualized guest administrator to crash the
hypervisor or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the
hypervisor level. (CVE-2012-5513, Important)

- A flaw in the Reliable Datagram Sockets (RDS) protocol
implementation could allow a local, unprivileged user to
cause a denial of service. (CVE-2012-2372, Moderate)

- A race condition existed in the way access to inet->opt
ip_options was synchronized in the Linux kernel's TCP/IP
protocol suite implementation. Depending on the
network-facing applications running on the system, a remote
attacker could possibly trigger this flaw to cause a
denial of service. A local, unprivileged user could use
this flaw to cause a denial of service regardless of the
applications the system runs. (CVE-2012-3552, Moderate)

- The Xen hypervisor implementation did not properly
restrict the period values used to initialize per VCPU
periodic timers. A privileged guest user could cause an
infinite loop on the physical CPU. If the watchdog were
enabled, it would detect said loop and panic the host
system. (CVE-2012-4535, Moderate)

- A flaw in the way the Xen hypervisor implementation
handled set_p2m_entry() error conditions could allow a
privileged, fully-virtualized guest user to crash the
hypervisor. (CVE-2012-4537, Moderate)

Bug fixes :

- Previously, the interrupt handlers of the qla2xxx driver
could clear pending interrupts right after the IRQ lines
were attached during system start-up. Consequently, the
kernel could miss the interrupt that reported completion
of the link initialization, and the qla2xxx driver then
failed to detect all attached LUNs. With this update,
the qla2xxx driver has been modified to no longer clear
interrupt bits after attaching the IRQ lines. The driver
now correctly detects all attached LUNs as expected.

- The Ethernet channel bonding driver reported the MII
(Media Independent Interface) status of the bond
interface in 802.3ad mode as being up even though the
MII status of all of the slave devices was down. This
could pose a problem if the MII status of the bond
interface was used to determine if failover should
occur. With this update, the agg_device_up() function
has been added to the bonding driver, which allows the
driver to report the link status of the bond interface
correctly, that is, down when all of its slaves are
down, in the 802.3ad mode.

Enhancements :

- This update backports several changes from the latest
upstream version of the bnx2x driver. The most important
change, the remote-fault link detection feature, allows
the driver to periodically scan the physical link layer
for remote faults. If the physical link appears to be up
and a fault is detected, the driver indicates that the
link is down. When the fault is cleared, the driver
indicates that the link is up again.

- The INET socket interface has been modified to send a
warning message when the ip_options structure is
allocated directly by a third-party module using the
kmalloc() function.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?00576769

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 63183

CVE ID: CVE-2012-2372
CVE-2012-3552
CVE-2012-4508
CVE-2012-4535
CVE-2012-4537
CVE-2012-5513