Scientific Linux Security Update : kernel on SL4.x i386/x86_64

high Nessus Plugin ID 60787

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security fixes :

- Kernel update 2.6.9-89.EL introduced a flaw in the ptrace implementation on Itanium systems.
ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)

- a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)

- a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)

- a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)

- an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak.
(CVE-2010-1083, Low)

Bug fixes :

- a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)

- the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Scientific Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.
(BZ#574392)

- Kernel update 2.6.9-89.EL introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)

- a race condition caused TX to stop in a guest using the virtio_net driver. (BZ#580089)

- on some systems, using the 'arp_validate=3' bonding option caused both links to show as 'down' even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)

- in some circumstances, when a Scientific Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic. 'bad_inode_ops' handling was changed to prevent this. Note: filehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)

- when installing a Scientific Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)

Enhancements :

- kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly. (BZ#563223)

- support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events.
(BZ#582913)

- kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. (BZ#582241)

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=563223

https://bugzilla.redhat.com/show_bug.cgi?id=567205

https://bugzilla.redhat.com/show_bug.cgi?id=574392

https://bugzilla.redhat.com/show_bug.cgi?id=577234

https://bugzilla.redhat.com/show_bug.cgi?id=580089

https://bugzilla.redhat.com/show_bug.cgi?id=580842

https://bugzilla.redhat.com/show_bug.cgi?id=582241

https://bugzilla.redhat.com/show_bug.cgi?id=582908

https://bugzilla.redhat.com/show_bug.cgi?id=582911

https://bugzilla.redhat.com/show_bug.cgi?id=582913

http://www.nessus.org/u?e599594d

Plugin Details

Severity: High

ID: 60787

File Name: sl_20100505_kernel_on_SL4_x.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 5/5/2010

Vulnerability Publication Date: 3/16/2010

Reference Information

CVE: CVE-2010-0729, CVE-2010-1083, CVE-2010-1085, CVE-2010-1086, CVE-2010-1188