Scientific Linux Security Update : kernel on SL4.x i386/x86_64
High Nessus Plugin ID 60728
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs
CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl
CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow
CVE-2009-4020 kernel: hfs buffer overflow
This update fixes the following security issues :
- an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation.
- a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger an out-of-bounds buffer access, possibly resulting in a denial of service.
- permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)
- a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)
This update also fixes the following bugs :
- if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running 'strace -f' on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)
- a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)
- the kernel-2.6.9-89.0.19.EL update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)
The system must be rebooted for this update to take effect.
Solution
Update the affected packages.
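
A check for the megaraid_sas permission issue described above, as an added example that is not part of the advisory or of the Nessus plugin: it searches a sysfs tree for files named 'dbg_lvl' or 'poll_mode_io' that are world-writable. The function names, the sample directory layout and the sample modes are constructed for illustration, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: flag world-writable megaraid_sas sysfs attributes.
# The attribute names come from the advisory; their exact location under
# /sys is not given there, so the tree is searched by file name.

# Print "<octal mode> <path>" for every dbg_lvl / poll_mode_io file under
# the given root (default /sys) whose "other" write bit is set.
find_world_writable_attrs() {
    root=${1:-/sys}
    find "$root" -type f \( -name dbg_lvl -o -name poll_mode_io \) \
        -perm -0002 -exec stat -c '%a %n' {} + 2>/dev/null
}

# Return 1 and list the files when an exposed attribute is found, else 0.
# A clean result also occurs when the driver is not loaded at all.
check_megaraid_sysfs() {
    hits=$(find_world_writable_attrs "$1") || true
    if [ -n "$hits" ]; then
        printf 'world-writable driver attribute:\n%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed stand-in for a sysfs tree so the check runs offline.
# Layout and modes are sample values, not taken from the advisory.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/drivers/megaraid_sas"
    : > "$dir/drivers/megaraid_sas/dbg_lvl"
    : > "$dir/drivers/megaraid_sas/poll_mode_io"
    chmod 0666 "$dir/drivers/megaraid_sas/dbg_lvl"       # world-writable
    chmod 0644 "$dir/drivers/megaraid_sas/poll_mode_io"  # owner-writable only
    printf '%s\n' "$dir"
}

tree=$(make_sample_tree)
check_megaraid_sysfs "$tree" || echo "exposed attribute found in sample tree"
rm -rf "$tree"
```

On a live host, call check_megaraid_sysfs with no argument to scan /sys after the reboot the advisory requires.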