Scientific Linux Security Update : glibc on SL6.x i386/x86_64

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A stack-based buffer overflow was found in the way the libresolv
library performed dual A/AAAA DNS queries. A remote attacker could
create a specially crafted DNS response which could cause libresolv to
crash or, potentially, execute code with the permissions of the user
running the library. Note: this issue is only exposed when libresolv
is called from the nss_dns NSS service module. (CVE-2015-7547)

This update also fixes the following bugs :

- The dynamic loader has been enhanced to allow the
loading of more shared libraries that make use of static
thread local storage. While static thread local storage
is the fastest access mechanism it may also prevent the
shared library from being loaded at all since the static
storage space is a limited and shared process-global
resource. Applications which would previously fail with
'dlopen: cannot load any more object with static TLS'
should now start up correctly.

- A bug in the POSIX realtime support would cause
asynchronous I/O or certain timer API calls to fail and
return errors in the presence of large thread-local
storage data that exceeded PTHREAD_STACK_MIN in size
(generally 16 KiB). The bug in librt has been corrected
and the impacted APIs no longer return errors when large
thread-local storage data is present in the application.

See also :

http://www.nessus.org/u?4669b2c2
https://www.tenable.com/security/research/tra-2017-08

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 88797 ()

Bugtraq ID:

CVE ID: CVE-2015-7547

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now