This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
This update fixes the following security issues :
- It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption).
- A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The 'grep --color xsave /proc/cpuinfo' command can be used to verify if your system has the XSAVE CPU feature.) (CVE-2012-4461, Moderate)
- A memory disclosure flaw was found in the way the load_script() function in the binfmt_script binary format handler handled excessive recursions. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space by executing specially crafted scripts. (CVE-2012-4530, Low)
The system must be rebooted for this update to take effect.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.9
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 64489
CVE ID: CVE-2012-4398, CVE-2012-4461, CVE-2012-4530