Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)
High Nessus Plugin ID 127880
The remote Scientific Linux host is missing one or more security updates.
Security Fix(es) : - Kernel: page cache side channel attacks (CVE-2019-5489) - kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) - kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) - kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : - OOPS with NULL pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975) - Another RHEL 6 hang in congestion_wait() (BZ#1658254) - kernel crash after running user space script (BZ#1663262) - RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ#1666102) - Bad pagetable: 000f â€œ*pdpt = 0000000000000000 *pde = 0000000000000000â€ RHEL 6 32bit (BZ#1702782) - fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149) - Wrong spectre backport causing linux headers to break compilation of 3rd party packages (BZ#1722185)