CentOS Local Security Checks : CentOS Update for kernel CESA-2011:0163 centos5 i386

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.880553

Category: CentOS Local Security Checks

Title: CentOS Update for kernel CESA-2011:0163 centos5 i386

Summary: The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.

Description: Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the sctp_icmp_proto_unreachable() function in the
Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.
A remote attacker could use this flaw to cause a denial of service.
(CVE-2010-4526, Important)

This update also fixes the following bugs:

* Due to an off-by-one error, gfs2_grow failed to take the very last 'rgrp'
parameter into account when adding up the new free space. With this update,
the GFS2 kernel properly counts all the new resource groups and fixes the
'statfs' file correctly. (BZ#666792)

* Prior to this update, a multi-threaded application, which invoked
popen(3) internally, could cause a thread stall by FILE lock corruption.
The application program waited for a FILE lock in glibc, but the lock
seemed to be corrupted, which was caused by a race condition in the COW
(Copy On Write) logic. With this update, the race condition was corrected
and FILE lock corruption no longer occurs. (BZ#667050)

* If an error occurred during I/O, the SCSI driver reset the 'megaraid_sas'
controller to restore it to normal state. However, on Red Hat Enterprise
Linux 5, the waiting time to allow a full reset completion for the
'megaraid_sas' controller was too short. The driver incorrectly recognized
the controller as stalled, and, as a result, the system stalled as well.
With this update, more time is given to the controller to properly restart,
thus, the controller operates as expected after being reset. (BZ#667141)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Affected Software/OS:
kernel on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4526
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
42964
http://secunia.com/advisories/42964
45661
http://www.securityfocus.com/bid/45661
46397
http://secunia.com/advisories/46397
ADV-2011-0169
http://www.vupen.com/english/advisories/2011/0169
RHSA-2011:0163
http://www.redhat.com/support/errata/RHSA-2011-0163.html
[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()
http://www.openwall.com/lists/oss-security/2011/01/04/3
[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()
http://www.openwall.com/lists/oss-security/2011/01/04/13
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526
kernel-icmp-message-dos(64616)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64616

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.880553
Category:	CentOS Local Security Checks
Title:	CentOS Update for kernel CESA-2011:0163 centos5 i386
Summary:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the sctp_icmp_proto_unreachable() function in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-4526, Important) This update also fixes the following bugs: * Due to an off-by-one error, gfs2_grow failed to take the very last 'rgrp' parameter into account when adding up the new free space. With this update, the GFS2 kernel properly counts all the new resource groups and fixes the 'statfs' file correctly. (BZ#666792) * Prior to this update, a multi-threaded application, which invoked popen(3) internally, could cause a thread stall by FILE lock corruption. The application program waited for a FILE lock in glibc, but the lock seemed to be corrupted, which was caused by a race condition in the COW (Copy On Write) logic. With this update, the race condition was corrected and FILE lock corruption no longer occurs. (BZ#667050) * If an error occurred during I/O, the SCSI driver reset the 'megaraid_sas' controller to restore it to normal state. However, on Red Hat Enterprise Linux 5, the waiting time to allow a full reset completion for the 'megaraid_sas' controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset. (BZ#667141) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4526 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 42964 http://secunia.com/advisories/42964 45661 http://www.securityfocus.com/bid/45661 46397 http://secunia.com/advisories/46397 ADV-2011-0169 http://www.vupen.com/english/advisories/2011/0169 RHSA-2011:0163 http://www.redhat.com/support/errata/RHSA-2011-0163.html [oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() http://www.openwall.com/lists/oss-security/2011/01/04/3 [oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() http://www.openwall.com/lists/oss-security/2011/01/04/13 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526 kernel-icmp-message-dos(64616) https://exchange.xforce.ibmcloud.com/vulnerabilities/64616
Copyright	Copyright (C) 2011 Greenbone AG