RHEL 5 : kernel (RHSA-2010:0670)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix two security issues and three bugs
are now available for Red Hat Enterprise Linux 5.4 Extended Update
Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X
Window System server can be used to trigger this flaw. (CVE-2010-2240,
Important)

* A miscalculation of the size of the free space of the initial
directory entry in a directory leaf block was found in the Linux
kernel Global File System 2 (GFS2) implementation. A local,
unprivileged user with write access to a GFS2-mounted file system
could perform a rename operation on that file system to trigger a NULL
pointer dereference, possibly resulting in a denial of service or
privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the
original reporter
and Grant Diffey of CenITex for reporting
CVE-2010-2798.

This update also fixes the following bugs :

* Problems receiving network traffic correctly via a non-standard
layer 3 protocol when using the ixgbe driver. This update corrects
this issue. (BZ#618275)

* A bug was found in the way the megaraid_sas driver (for SAS based
RAID controllers) handled physical disks and management IOCTLs. All
physical disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a
timeout occurred. One possible trigger for this bug was running
'mkfs'. This update resolves this issue by updating the megaraid_sas
driver to version 4.31. (BZ#619363)

* Previously, Message Signaled Interrupts (MSI) resulted in PCI bus
writes to mask and unmask the MSI IRQ for a PCI device. These
unnecessary PCI bus writes resulted in the serialization of MSIs,
leading to poor performance on systems with high MSI load. This update
adds a new kernel boot parameter, msi_nolock, which forgoes the PCI
bus writes and allows for better simultaneous processing of MSIs.
(BZ#621939)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
http://rhn.redhat.com/errata/RHSA-2010-0670.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63951 ()

Bugtraq ID:

CVE ID: CVE-2010-2240
CVE-2010-2798