This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was found that getaddrinfo() did not limit the amount of stack
memory used during name resolution. An attacker able to make an
application resolve an attacker-controlled hostname or IP address
could possibly cause the application to exhaust all stack memory and
A flaw was found in the regular expression matching routines that
process multibyte character input. If an application utilized the
glibc regular expression matching mechanism, an attacker could provide
specially crafted input that, when processed, would cause the
application to crash. (CVE-2013-0242)
This update also fixes the following bugs :
- The improvements made in a previous update to the
accuracy of floating point functions in the math library
caused performance regressions for those functions. The
performance regressions were analyzed and a fix was
applied that retains the current accuracy but reduces
the performance penalty to acceptable levels.
- It was possible that a memory location freed by the
localization code could be accessed immediately after,
resulting in a crash. The fix ensures that the
application does not crash by avoiding the invalid
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 66227
CVE ID: CVE-2013-0242, CVE-2013-1914