The remote Scientific Linux host is missing one or more security
This update fixes the following security issues:
- A flaw was found in the tcp_read_sock() function in the
Linux kernel's IPv4 TCP/IP protocol suite implementation
in the way socket buffers (skb) were handled. A local,
unprivileged user could trigger this issue via a call to
splice(), leading to a denial of service.
- Information leak flaws in the Linux kernel could allow a
local, unprivileged user to leak kernel memory to
user-space. (CVE-2012-6548, CVE-2013-2634,
CVE-2013-2635, CVE-2013-3222, CVE-2013-3224,
- An information leak was found in the Linux kernel's
POSIX signals implementation. A local, unprivileged user
could use this flaw to bypass the Address Space Layout
Randomization (ASLR) security feature. (CVE-2013-0914,
- A format string flaw was found in the ext3_msg()
function in the Linux kernel's ext3 file system
implementation. A local user who is able to mount an
ext3 file system could use this flaw to cause a denial
of service or, potentially, escalate their privileges.
- A format string flaw was found in the
b43_do_request_fw() function in the Linux kernel's b43
driver implementation. A local user who is able to
specify the 'fwpostfix' b43 module parameter could use
this flaw to cause a denial of service or, potentially,
escalate their privileges. (CVE-2013-2852, Low)
- A NULL pointer dereference flaw was found in the Linux
kernel's ftrace and function tracer implementations. A
local user who has the CAP_SYS_ADMIN capability could
use this flaw to cause a denial of service.
The system must be rebooted for this update to take effect.
Update the affected packages.
Risk factor: High / CVSS Base Score: 7.2