Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- An information leak flaw was found in the way the Xen
hypervisor handled error conditions when reading guest
memory during certain guest-originated operations, such
as port or memory mapped I/O writes. A privileged user
in a fully-virtualized guest could use this flaw to leak
hypervisor stack memory to a guest. (CVE-2013-4355,
Moderate)

This update also fixes the following bugs :

- A previous fix to the kernel did not contain a memory
barrier in the percpu_up_write() function. Consequently,
under certain circumstances, a race condition could
occur leading to memory corruption and a subsequent
kernel panic. This update introduces a new memory
barrier pair, light_mb() and heavy_mb(), for per-CPU
read-write semaphores (percpu-rw-semaphores),
ensuring that the race condition can no longer occur. In
addition, the read path performance of
'percpu-rw-semaphores' has been improved.

- Due to a bug in the tg3 driver, systems that had the
Wake-on-LAN (WOL) feature enabled on their NICs could
not be woken up from suspension or hibernation
using WOL. A missing pci_wake_from_d3() function call
has been added to the tg3 driver, which ensures that WOL
functions properly by setting the PME_ENABLE bit.

- Due to an incorrect test condition in the mpt2sas
driver, the driver was unable to catch failures to map a
SCSI scatter-gather list. The test condition has been
corrected so that the mpt2sas driver now handles SCSI
scatter-gather mapping failures as expected.

- A previous patch to the kernel introduced the 'VLAN tag
re-insertion' workaround to resolve a problem with
incorrectly handled VLAN-tagged packets with no assigned
VLAN group while the be2net driver was in promiscuous
mode. However, this solution led to packet corruption
and a subsequent kernel oops if such a processed packet
was a GRO packet. Therefore, a patch has been applied to
restrict VLAN tag re-insertion only to non-GRO packets.
The be2net driver now processes VLAN-tagged packets with
no assigned VLAN group correctly in this situation.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?8be9890e

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 1.5
(CVSS2#AV:L/AC:M/Au:S/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 71305

Bugtraq ID:

CVE ID: CVE-2013-4355