This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
- An integer overflow flaw was found in the way the Linux
kernel's Frame Buffer device implementation mapped
kernel memory to user space via the mmap syscall. A
local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate
their privileges on the system. (CVE-2013-2596,
- It was found that the Xen hypervisor x86 CPU emulator
implementation did not correctly handle certain
instructions with segment overrides, potentially
resulting in memory corruption. A malicious guest user
could use this flaw to read arbitrary data relating to
other guests, cause a denial of service on the host, or
potentially escalate their privileges on the host.
This update also fixes the following bugs :
- Previously, the CPU power of a CPU group could be zero.
As a consequence, a kernel panic occurred at
'find_busiest_group+570' with do_divide_error. The
provided patch ensures that the division is only
performed if the CPU power is not zero, and the
aforementioned panic no longer occurs.
- Prior to this update, a bug occurred when performing an
online resize of an ext4 file system which had been
previously converted from ext3. As a consequence, the
kernel crashed. The provided patch fixes online resizing
for such file systems by limiting the blockgroup search
loop for non-extent files, and the mentioned kernel
crash no longer occurs.
The system must be rebooted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.2