Detections
Analytics

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

high Nessus Plugin ID 60599

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security fixes :

 - several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)

 - the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users.
 This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)

 - Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations.
 This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems.
 (CVE-2009-1630, Moderate)

 - a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.
 (CVE-2009-1758, Moderate)

 - a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)

Bug fixes :

 - a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. 'Busy inodes' messages may have been logged. (BZ#498653)

 - nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium®-based systems.
 (BZ#500349)

 - LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)

 - ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once. (BZ#486945)

 - epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)

 - missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented.
 (BZ#497271)

 - on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)

 - in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data. (BZ#486921)

 - when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)

 - with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned.
 (BZ#499783)

 - the '-fwrapv' flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)

 - a kernel panic when enabling and disabling iSCSI paths.
 (BZ#502916)

 - using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)

 - '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps. (BZ#499546)

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=486921

https://bugzilla.redhat.com/show_bug.cgi?id=486926

https://bugzilla.redhat.com/show_bug.cgi?id=486945

https://bugzilla.redhat.com/show_bug.cgi?id=497271

https://bugzilla.redhat.com/show_bug.cgi?id=497322

https://bugzilla.redhat.com/show_bug.cgi?id=498653

https://bugzilla.redhat.com/show_bug.cgi?id=499546

https://bugzilla.redhat.com/show_bug.cgi?id=499783

https://bugzilla.redhat.com/show_bug.cgi?id=500120

https://bugzilla.redhat.com/show_bug.cgi?id=500349

https://bugzilla.redhat.com/show_bug.cgi?id=501742

https://bugzilla.redhat.com/show_bug.cgi?id=501751

https://bugzilla.redhat.com/show_bug.cgi?id=502837

https://bugzilla.redhat.com/show_bug.cgi?id=502916

http://www.nessus.org/u?40c09254

Plugin Details

Severity: High

ID: 60599

File Name: sl_20090616_kernel_on_SL5_x.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 6/16/2009

Vulnerability Publication Date: 3/24/2009

Reference Information

CVE: CVE-2009-1072, CVE-2009-1192, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1758

CWE: 119, 16, 264, 399