This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
- It was found that the Linux kernel's Infiniband
subsystem did not properly sanitize input parameters
while registering memory regions from user space via the
(u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to
crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-8159, Important)
- An insufficient bound checking flaw was found in the Xen
hypervisor's implementation of acceleration support for
the 'REP MOVS' instructions. A privileged HVM guest user
could potentially use this flaw to crash the host.
This update also fixes the following bugs :
- Under memory pressure, cached data was previously
flushed to the backing server using the PID of the
thread responsible for flushing the data in the Server
Message Block (SMB) headers instead of the PID of the
thread which actually wrote the data. As a consequence,
when a file was locked by the writing thread prior to
writing, the server considered writes by the thread
flushing the pagecache as being a separate process from
writing to a locked file, and thus rejected the writes.
In addition, the data to be written was discarded. This
update ensures that the correct PID is sent to the
server, and data corruption is avoided when data is
being written from a client under memory pressure.
The system must be rebooted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.9