Scientific Linux Security Update : luci on SL6.x i386/x86_64
Medium Nessus Plugin ID 78847
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci. (CVE-2014-3593)
SolutionUpdate the affected luci and / or luci-debuginfo packages.