Scientific Linux Security Update : kernel on SL4.x i386/x86_64

High Nessus Plugin ID 60802

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security fixes :

- a NULL pointer dereference flaw was found in the Linux kernel NFSv4 implementation. Several of the NFSv4 file locking functions failed to check whether a file had been opened on the server before performing locking operations on it. A local, unprivileged user on a system with an NFSv4 share mounted could possibly use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2009-3726, Important)

- a flaw was found in the sctp_process_unk_param() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to an SCTP listening port on a target system, causing a kernel panic (denial of service). (CVE-2010-1173, Important)

- a race condition between finding a keyring by name and destroying a freed keyring was found in the Linux kernel key management facility. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1437, Important)

Red Hat would like to thank Simon Vallet for responsibly reporting CVE-2009-3726; and Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for responsibly reporting CVE-2010-1173.

Bug fixes :

- RHBA-2007:0791 introduced a regression in the Journaling Block Device (JBD). Under certain circumstances, removing a large file (such as 300 MB or more) did not result in inactive memory being freed, leading to the system having a large amount of inactive memory. Now, the memory is correctly freed. (BZ#589155)

- the timer_interrupt() routine did not scale lost real ticks to logical ticks correctly, possibly causing time drift for 64-bit Scientific Linux 4 KVM (Kernel-based Virtual Machine) guests that were booted with the 'divider=x' kernel parameter set to a value greater than 1. 'warning: many lost ticks' messages may have been logged on the affected guest systems. (BZ#590551)

- a bug could have prevented NFSv3 clients from having the most up-to-date file attributes for files on a given NFSv3 file system. In cases where a file type changed, such as if a file was removed and replaced with a directory of the same name, the NFSv3 client may not have noticed this change until stat(2) was called (for example, by running 'ls -l'). (BZ#596372)

- RHBA-2007:0791 introduced bugs in the Linux kernel PCI-X subsystem. These could have caused a system deadlock on some systems where the BIOS set the default Maximum Memory Read Byte Count (MMRBC) to 4096, and that also use the Intel PRO/1000 Linux driver, e1000. Errors such as 'e1000: eth[x]: e1000_clean_tx_irq: Detected Tx Unit Hang' were logged. (BZ#596374)

- an out of memory condition in a KVM guest, using the virtio-net network driver and also under heavy network stress, could have resulted in that guest being unable to receive network traffic. Users had to manually remove and re-add the virtio_net module and restart the network service before networking worked as expected. Such memory conditions no longer prevent KVM guests receiving network traffic. (BZ#597310)

- when an SFQ qdisc that limited the queue size to two packets was added to a network interface, sending traffic through that interface resulted in a kernel crash. Such a qdisc no longer results in a kernel crash.
(BZ#597312)

- when an NFS client opened a file with the O_TRUNC flag set, it received a valid stateid, but did not use that stateid to perform the SETATTR call. Such cases were rejected by Red Hat Enterprise Linux 4 NFS servers with an 'NFS4ERR_BAD_STATEID' error, possibly preventing some NFS clients from writing files to an NFS file system.
(BZ#597314)

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=589155

https://bugzilla.redhat.com/show_bug.cgi?id=590551

https://bugzilla.redhat.com/show_bug.cgi?id=596372

https://bugzilla.redhat.com/show_bug.cgi?id=596374

https://bugzilla.redhat.com/show_bug.cgi?id=597310

https://bugzilla.redhat.com/show_bug.cgi?id=597312

https://bugzilla.redhat.com/show_bug.cgi?id=597314

http://www.nessus.org/u?0ec6b796

Plugin Details

Severity: High

ID: 60802

File Name: sl_20100615_kernel_on_SL4_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2012/08/01

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2010/06/15

Vulnerability Publication Date: 2009/11/09

Reference Information

CVE: CVE-2009-3726, CVE-2010-1173, CVE-2010-1437

CWE: 399