This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
- A flaw was found in the way the Linux kernel's splice()
system call validated its parameters. On certain file
systems, a local, unprivileged user could use this flaw
to write past the maximum file size, and thus crash the
system. (CVE-2014-7822, Moderate)
This update also fixes the following bugs :
- Previously, hot-unplugging of a virtio-blk device could
in some cases lead to a kernel panic, for example during
in-flight I/O requests. This update fixes race condition
in the hot-unplug code in the virtio_blk.ko module. As a
result, hot unplugging of the virtio-blk device no
longer causes the guest kernel oops when there are
in-flight I/O requests.
- Before this update, due to a bug in the error-handling
path, a corrupted metadata block could be used as a
valid block. With this update, the error handling path
has been fixed and more checks have been added to verify
the metadata block. Now, when a corrupted metadata block
is encountered, it is properly marked as corrupted and
- Previously, an incorrectly initialized variable resulted
in a random value being stored in the variable that
holds the number of default ACLs, and is sent in the
SET_PATH_INFO data structure. Consequently, the setfacl
command could, under certain circumstances, fail with an
'Invalid argument' error. With this update, the variable
is correctly initialized to zero, thus fixing the bug.
The system must be rebooted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.2