Scientific Linux Security Update : Important: OpenAFS on SL6.x, SL7.x i386/x86_64 (20191023)

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fixes:

- Fix OPENAFS-SA-2019-001: information leakage in failed RPC output. Generated RPC handler routines ran output variables through XDR encoding even when the call had failed and would shortly be aborted (a case in which uninitialized output variables are common); any complete packets assembled in the process would be sent to the peer, leaking the contents of the uninitialized memory in question.

- Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars. Generated RPC handler routines did not initialize output variables of scalar (fixed-length) type, since they did not require dedicated logic to free. Such variables allocated on the stack could remain uninitialized in some cases (including those affected by OPENAFS-SA-2019-001), and the contents of uninitialized memory would be returned to the peer.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?d1061ef5

Plugin Details

Severity: High

ID: 130191

File Name: sl_20191023_Important__OpenAFS_on_SL6_x.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/24/2019

Updated: 2/24/2020

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:kmod-openafs-1.6-sl-1062, p-cpe:/a:fermilab:scientific_linux:kmod-openafs-1.6-sl-1062-debuginfo, p-cpe:/a:fermilab:scientific_linux:kmod-openafs-754, p-cpe:/a:fermilab:scientific_linux:kmod-openafs-754-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 10/23/2019

Vulnerability Publication Date: 10/23/2019