Scientific Linux Security Update : kernel on SL7.x x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

To see the complete list of bug fixes, users are directed to the
related Knowledge Article :

Security Fix(es) :

- A flaw was found in the Linux kernel's keyring handling
code, where in key_reject_and_link() an uninitialised
variable would eventually lead to arbitrary free address
which could allow attacker to use a use-after-free style
attack. (CVE-2016-4470, Important)

- The ovl_setattr function in fs/overlayfs/inode.c in the
Linux kernel through 4.3.3 attempts to merge distinct
setattr operations, which allows local users to bypass
intended access restrictions and modify the attributes
of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

- It was reported that on s390x, the fork of a process
with four page table levels will cause memory corruption
with a variety of symptoms. All processes are created
with three level page table and a limit of 4TB for the
address space. If the parent process has four page table
levels with a limit of 8PB, the function that duplicates
the address space will try to copy memory areas outside
of the address space limit for the child process.
(CVE-2016-2143, Moderate)

Bug Fix(es) :

- The glibc headers and the Linux headers share certain
definitions of key structures that are required to be
defined in kernel and in userspace. In some instances
both userspace and sanitized kernel headers have to be
included in order to get the structure definitions
required by the user program. Unfortunately because the
glibc and Linux headers don't coordinate this can result
in compilation errors. The glibc headers have therefore
been fixed to coordinate with Linux UAPI-based headers.
With the header coordination compilation errors no
longer occur.

- When running the TCP/IPv6 traffic over the mlx4_en
networking interface on the big endian architectures,
call traces reporting about a 'hw csum failure' could
occur. With this update, the mlx4_en driver has been
fixed by correction of the checksum calculation for the
big endian architectures. As a result, the call trace
error no longer appears in the log messages.

- Under significant load, some applications such as
logshifter could generate bursts of log messages too
large for the system logger to spool. Due to a race
condition, log messages from that application could then
be lost even after the log volume dropped to manageable
levels. This update fixes the kernel mechanism used to
notify the transmitter end of the socket used by the
system logger that more space is available on the
receiver side, removing a race condition which
previously caused the sender to stop transmitting new
messages and allowing all log messages to be processed
correctly.

- Previously, after heavy open or close of the Accelerator
Function Unit (AFU) contexts, the interrupt packet went
out and the AFU context did not see any interrupts.
Consequently, a kernel panic could occur. The provided
patch set fixes handling of the interrupt requests, and
kernel panic no longer occurs in the described
situation.

- net: recvfrom would fail on short buffer.

- Backport rhashtable changes from upstream.

- Server Crashing after starting Glusterd & creating
volumes.

- RAID5 reshape deadlock fix.

- BDX perf uncore support fix.

See also :

http://www.nessus.org/u?194750af

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 92719 ()

Bugtraq ID:

CVE ID: CVE-2015-8660
CVE-2016-2143
CVE-2016-4470

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now