This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A stack-based buffer overflow was found in the way the libresolv
library performed dual A/AAAA DNS queries. A remote attacker could
create a specially crafted DNS response which could cause libresolv to
crash or, potentially, execute code with the permissions of the user
running the library. Note: this issue is only exposed when libresolv
is called from the nss_dns NSS service module. (CVE-2015-7547)
This update also fixes the following bugs :
- The dynamic loader has been enhanced to allow the
loading of more shared libraries that make use of static
thread local storage. While static thread local storage
is the fastest access mechanism it may also prevent the
shared library from being loaded at all since the static
storage space is a limited and shared process-global
resource. Applications which would previously fail with
'dlopen: cannot load any more object with static TLS'
should now start up correctly.
- A bug in the POSIX realtime support would cause
asynchronous I/O or certain timer API calls to fail and
return errors in the presence of large thread-local
storage data that exceeded PTHREAD_STACK_MIN in size
(generally 16 KiB). The bug in librt has been corrected
and the impacted APIs no longer return errors when large
thread-local storage data is present in the application.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0