Scientific Linux Security Update : glibc on SL5.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in glibc's memory allocator functions (pvalloc,
valloc, and memalign). If an application used such a function, it
could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2013-4332)

This update also fixes the following bug :

- Prior to this update, the size of the L3 cache in
certain CPUs for SMP (Symmetric Multiprocessing) servers
was not correctly detected. The incorrect cache size
detection resulted in less than optimal performance for
routines that used this information, including the
memset() function. To fix this bug, the cache size
detection has been corrected and core routines including
memset() have their performance restored to expected
levels.

See also :

http://www.nessus.org/u?31cfedf7

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 70393 ()

Bugtraq ID:

CVE ID: CVE-2013-4332