Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- A flaw was found in the way the Linux kernel's TCP/IP
protocol suite implementation handled TCP packets with
both the SYN and FIN flags set. A remote attacker could
use this flaw to consume an excessive amount of
resources on the target system, potentially resulting in
a denial of service. (CVE-2012-6638, Moderate)

- A flaw was found in the way the Linux kernel handled HID
(Human Interface Device) reports with an out-of-bounds
Report ID. An attacker with physical access to the
system could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
(CVE-2013-2888, Moderate)

This update also fixes the following bugs :

- A previous change to the sunrpc code introduced a race
condition between the rpc_wake_up_task() and
rpc_wake_up_status() functions. A race between threads
operating on these functions could result in a deadlock
situation, subsequently triggering a 'soft lockup' event
and rendering the system unresponsive. This problem has
been fixed by re-ordering tasks in the RPC wait queue.

- Running a process in the background on a GFS2 file
system could sometimes trigger a glock recursion error
that resulted in a kernel panic. This happened when a
readpage operation attempted to take a glock that had
already been held by another function. To prevent this
error, GFS2 now verifies whether the glock is already
held when performing the readpage operation.

- A previous patch backport to the IUCV (Inter User
Communication Vehicle) code was incomplete.
Consequently, when establishing an IUCV connection, the
kernel could, under certain circumstances, dereference a
NULL pointer, resulting in a kernel panic. A patch has
been applied to correct this problem by calling the
proper function when removing IUCV paths.

In addition, this update adds the following enhancement :

- The lpfc driver had a fixed timeout of 60 seconds for
SCSI task management commands. With this update, the
lpfc driver enables the user to set this timeout within
the range from 5 to 180 seconds. The timeout can be
changed by modifying the 'lpfc_task_mgmt_tmo' parameter
for the lpfc driver.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?683e66ee

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 73706

CVE ID: CVE-2012-6638, CVE-2013-2888