Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- It was found that the Xen hypervisor did not always lock
'page_alloc_lock' and 'grant_table.lock' in the same
order. This could potentially lead to a deadlock. A
malicious guest administrator could use this flaw to
cause a denial of service on the host. (CVE-2013-4494,
Moderate)

This update also fixes the following bugs :

- A recent patch to the CIFS code that introduced the
NTLMSSP (NT LAN Manager Security Support Provider)
authentication mechanism caused a regression in CIFS
behavior. As a result of the regression, an encryption
key that is returned during the SMB negotiation protocol
response was only used for the first session that was
created on the SMB client. Any subsequent mounts to the
same server did not use the encryption key returned by
the initial negotiation with the server. As a
consequence, it was impossible to mount multiple SMB
shares with different credentials to the same server. A
patch has been applied to correct this problem so that
an encryption key or a server challenge is now provided
for every SMB session during the SMB negotiation
protocol response.

- The igb driver previously used a 16-bit mask when
writing values of the flow control high-water mark to
hardware registers on a network device. Consequently,
the values were truncated on some network devices,
disrupting the flow control. A patch has been applied to
the igb driver so that it now uses a 32-bit mask as
expected.

- The IPMI driver did not properly handle kernel panic
messages. Consequently, when a kernel panic occurred on
a system that was utilizing IPMI without Kdump being set
up, a second kernel panic could be triggered. A patch
has been applied to the IPMI driver to fix this problem,
and a message handler now properly waits for a response
to panic event messages.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?8cb96d26

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.2
(CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 72210

Bugtraq ID:

CVE ID: CVE-2013-4494