Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- A flaw was found in the way the Linux kernel's floppy
driver handled user space provided data in certain error
code paths while processing FDRAWCMD IOCTL commands. A
local user with write access to /dev/fdX could use this
flaw to free (using the kfree() function) arbitrary
kernel memory. (CVE-2014-1737, Important)

- It was found that the Linux kernel's floppy driver
leaked internal kernel memory addresses to user space
during the processing of the FDRAWCMD IOCTL command. A
local user with write access to /dev/fdX could use this
flaw to obtain information about the kernel heap
arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two
flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate
their privileges on the system.

- A NULL pointer dereference flaw was found in the
rds_ib_laddr_check() function in the Linux kernel's
implementation of Reliable Datagram Sockets (RDS). A
local, unprivileged user could use this flaw to crash
the system. (CVE-2013-7339, Moderate)

This update also fixes the following bugs :

- A bug in the futex system call could result in an
overflow when passing a very large positive timeout. As
a consequence, the FUTEX_WAIT operation did not work as
intended and the system call was timing out immediately.
A backported patch fixes this bug by limiting very large
positive timeouts to the maximal supported value.

- A new Linux Security Module (LSM) functionality related
to the setrlimit hooks should produce a warning message
when used by a third party module that could not cope
with it. However, due to a programming error, the kernel
could print this warning message when a process was
setting rlimits for a different process, or if rlimits
were modified by another than the main thread even
though there was no incompatible third party module.
This update fixes the relevant code and ensures that the
kernel handles this warning message correctly.

- Previously, the kernel was unable to detect KVM on
system boot if the Hyper-V emulation was enabled. A
patch has been applied to ensure that both KVM and
Hyper-V hypervisors are now correctly detected during
system boot.

- A function in the RPC code responsible for verifying
whether cached credentials match the current process did
not perform the check correctly. The code checked only
whether the groups in the current process credentials
appear in the same order as in the cached credentials
but did not ensure that no other groups are present in
the cached credentials. As a consequence, when accessing
files in NFS mounts, a process with the same UID and GID
as the original process but with a non-matching group
list could have been granted an unauthorized access to a
file, or under certain circumstances, the process could
have been wrongly prevented from accessing the file. The
incorrect test condition has been fixed and the problem
can no longer occur.

- When being under heavy load, some Fibre Channel storage
devices, such as Hitachi and HP Open-V series, can send
a logout (LOGO) message to the host system. However, due
to a bug in the lpfc driver, this could result in a loss
of active paths to the storage and the paths could not
be recovered without manual intervention. This update
corrects the lpfc driver to ensure automatic recovery of
the lost paths to the storage in this scenario.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?2d53228c

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 74489 ()

Bugtraq ID:

CVE ID: CVE-2013-7339
CVE-2014-1737
CVE-2014-1738