Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was found that stacking a file system over procfs in
the Linux kernel could lead to a kernel stack overflow
due to deep nesting, as demonstrated by mounting
ecryptfs over procfs and creating a recursion by mapping
/proc/environ. An unprivileged, local user could
potentially use this flaw to escalate their privileges
on the system. (CVE-2016-1583, Important)

- It was reported that on s390x, the fork of a process
with four page table levels will cause memory corruption
with a variety of symptoms. All processes are created
with a three-level page table and a limit of 4TB for the
address space. If the parent process has four page table
levels with a limit of 8PB, the function that duplicates
the address space will try to copy memory areas outside
of the address space limit for the child process.
(CVE-2016-2143, Moderate)

Bug Fix(es) :

- Use of a multi-threaded workload with high memory
mappings sometimes caused a kernel panic, due to a race
condition between the context switch and the pagetable
upgrade. This update fixes switch_mm() by using the
complete asce parameter instead of the asce_bits
parameter. As a result, the kernel no longer panics in
the described scenario.

- When iptables created the Transmission Control Protocol
(TCP) reset packet, a kernel crash could occur due to an
uninitialized pointer to the TCP header within the
Socket Buffer (SKB). This update fixes the transport
header pointer in the TCP reset for both IPv4 and IPv6,
and the kernel no longer crashes in the described
situation.

- Previously, when the Enhanced Error Handling (EEH)
mechanism did not block the PCI configuration space
access and an error was detected, a kernel panic
occurred. This update corrects the EEH handling of this
case. As a result, the kernel no longer panics in the
described scenario.

- When the lockd service failed to start up completely,
the notifier blocks were in some cases registered on a
notification chain multiple times, which caused the
occurrence of a circular list on the notification chain.
Consequently, a soft lock-up or a kernel oops occurred.
With this update, the notifier blocks are unregistered
if lockd fails to start up completely, and the soft
lock-ups or the kernel oopses no longer occur under the
described circumstances.

- When Fibre Channel over Ethernet (FCoE) was
configured, the FCoE MaxFrameSize parameter was
incorrectly restricted to 1452. With this update, the
NETIF_F_ALL_FCOE symbol is no longer ignored, which
fixes this bug. MaxFrameSize is now restricted to 2112,
which is the correct value.

- When the fnic driver was installed on a Cisco UCS Blade
Server, the discs were under certain circumstances put
into the offline state with the following error message:
'Medium access timeout failure. Offlining disk!'. This
update fixes fnic to set the Small Computer System
Interface (SCSI) status as DID_ABORT after a successful
abort operation. As a result, the discs are no longer
put into the offline state in the described situation.

See also :

http://www.nessus.org/u?1603dec4

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 95050

Bugtraq ID:

CVE ID: CVE-2016-1583
CVE-2016-2143
