RHEL 5 : kernel (RHSA-2010:0660)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix two security issues and multiple bugs
are now available for Red Hat Enterprise Linux 5.3 Extended Update
Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X
Window System server can be used to trigger this flaw. (CVE-2010-2240,
Important)

* a miscalculation of the size of the free space of the initial
directory entry in a directory leaf block was found in the Linux
kernel Global File System 2 (GFS2) implementation. A local,
unprivileged user with write access to a GFS2-mounted file system
could perform a rename operation on that file system to trigger a NULL
pointer dereference, possibly resulting in a denial of service or
privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the
original reporter
and Grant Diffey of CenITex for reporting
CVE-2010-2798.

This update also fixes the following bugs :

* the Red Hat Enterprise Linux 5.3 General Availability (GA) release
introduced a regression in iSCSI failover time. While there was heavy
I/O on the iSCSI layer, attempting to log out of an iSCSI connection
at the same time a network problem was occurring, such as a switch
dying or a cable being pulled out, resulted in iSCSI failover taking
several minutes. With this update, failover occurs as expected.
(BZ#583898)

* a bug was found in the way the megaraid_sas driver (for SAS based
RAID controllers) handled physical disks and management IOCTLs. All
physical disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a
timeout occurred. One possible trigger for this bug was running
'mkfs'. This update resolves this issue by updating the megaraid_sas
driver to version 4.31. (BZ#619362)

* this update upgrades the bnx2x driver to version 1.52.1-6, and the
bnx2x firmware to version 1.52.1-6, incorporating multiple bug fixes
and enhancements. These fixes include: A race condition on systems
using the bnx2x driver due to multiqueue being used to transmit data,
but only a single queue transmit ON/OFF scheme being used (only a
single queue is used with this update)
a bug that could have led to a
kernel panic when using iSCSI offload
and a bug that caused a
firmware crash, causing network devices using the bnx2x driver to lose
network connectivity. When this firmware crash occurred, errors such
as 'timeout polling for state' and 'Stop leading failed!' were logged.
A system reboot was required to restore network connectivity.
(BZ#620663, BZ#620668, BZ#620669, BZ#620665)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
http://rhn.redhat.com/errata/RHSA-2010-0660.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63950 ()

Bugtraq ID: 42124

CVE ID: CVE-2010-2240
CVE-2010-2798