Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A race condition flaw was found in the N_HDLC Linux
kernel driver when accessing the n_hdlc.tbuf list that
can lead to a double free. A local, unprivileged user
able to set the HDLC line discipline on the tty device
could use this flaw to increase their privileges on the
system. (CVE-2017-2636, Important)

- A flaw was found in the Linux kernel's implementation of
seq_file where a local attacker could manipulate memory
in the put() function pointer. This could lead to memory
corruption and possible privilege escalation.
(CVE-2016-7910, Moderate)

Bug Fix(es) :

- Previously, Chelsio firmware included an
incorrectly-formatted firmware bin file. As a
consequence, the firmware could not be flashed. This
update provides a firmware bin file that is formatted
correctly. As a result, Chelsio firmware can now be
flashed successfully.

- When multiple simultaneous processes attempted to read
from the /proc/stat file, spinlock overhead was
generated on Non-Uniform Memory Access (NUMA) systems.
Consequently, a large amount of CPU was consumed. With
this update, the underlying source code has been fixed
to avoid taking the spinlock when the interrupt line
does not exist. As a result, the spinlock overhead is now
generated less often, and multiple simultaneous
processes can now read /proc/stat without consuming a
large amount of CPU.

See also :

http://www.nessus.org/u?2723ff03

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 99301

CVE ID: CVE-2016-7910
CVE-2017-2636
