Scientific Linux Security Update : kernel on SL4.x i386/x86_64
Critical Nessus Plugin ID 60831
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionThis update fixes the following security issues :
- a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).
- buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution.
This update also fixes the following bug :
- the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). (BZ#612962)
The system must be rebooted for this update to take effect.
SolutionUpdate the affected packages.