Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

- An integer overflow flaw was found in the way the Linux
kernel's Frame Buffer device implementation mapped
kernel memory to user space via the mmap syscall. A
local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate
their privileges on the system. (CVE-2013-2596,
Important)

- It was found that the Xen hypervisor x86 CPU emulator
implementation did not correctly handle certain
instructions with segment overrides, potentially
resulting in memory corruption. A malicious guest user
could use this flaw to read arbitrary data relating to
other guests, cause a denial of service on the host, or
potentially escalate their privileges on the host.
(CVE-2015-2151, Important)

This update also fixes the following bugs :

- Previously, the CPU power of a CPU group could be zero.
As a consequence, a kernel panic occurred at
'find_busiest_group+570' with do_divide_error. The
provided patch ensures that the division is only
performed if the CPU power is not zero, and the
aforementioned panic no longer occurs.

- Prior to this update, a bug occurred when performing an
online resize of an ext4 file system which had been
previously converted from ext3. As a consequence, the
kernel crashed. The provided patch fixes online resizing
for such file systems by limiting the blockgroup search
loop for non-extent files, and the mentioned kernel
crash no longer occurs.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?b14baafe

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 89957

CVE ID: CVE-2013-2596
CVE-2015-2151
