Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A use-after-free vulnerability was found in the kernel's
socket recvmmsg subsystem. This may allow remote
attackers to corrupt memory and may allow execution of
arbitrary code. This corruption takes place during the
error handling routines within the __sys_recvmmsg()
function. (CVE-2016-7117, Important)

Bug Fix(es) :

- Previously, guest virtual machines (VMs) on a Hyper-V
server cluster were in some cases rebooted during the
graceful node failover test, because the host kept
sending heartbeat packets independently of guests
responding to them. This update fixes the bug by
properly responding to all the heartbeat messages in the
queue, even if they are pending. As a result, guest VMs
are no longer rebooted under the described
circumstances.

See also :

http://www.nessus.org/u?45bea1da

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 95984

Bugtraq ID:

CVE ID: CVE-2016-7117
