Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- A flaw was found in the way the Linux kernel's splice()
system call validated its parameters. On certain file
systems, a local, unprivileged user could use this flaw
to write past the maximum file size, and thus crash the
system. (CVE-2014-7822, Moderate)

This update also fixes the following bugs :

- Previously, hot-unplugging of a virtio-blk device could
in some cases lead to a kernel panic, for example during
in-flight I/O requests. This update fixes race condition
in the hot-unplug code in the virtio_blk.ko module. As a
result, hot unplugging of the virtio-blk device no
longer causes the guest kernel oops when there are
in-flight I/O requests.

- Before this update, due to a bug in the error-handling
path, a corrupted metadata block could be used as a
valid block. With this update, the error handling path
has been fixed and more checks have been added to verify
the metadata block. Now, when a corrupted metadata block
is encountered, it is properly marked as corrupted and
handled accordingly.

- Previously, an incorrectly initialized variable resulted
in a random value being stored in the variable that
holds the number of default ACLs, and is sent in the
SET_PATH_INFO data structure. Consequently, the setfacl
command could, under certain circumstances, fail with an
'Invalid argument' error. With this update, the variable
is correctly initialized to zero, thus fixing the bug.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?b0af3076

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 81308 ()

Bugtraq ID:

CVE ID: CVE-2014-7822

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now