Scientific Linux Security Update : mod_auth_mellon on SL6.x i386/x86_64
High Nessus Plugin ID 79081
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionAn information disclosure flaw was found in mod_auth_mellon's session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user's session. (CVE-2014-8566)
It was found that uninitialized data could be read when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash. (CVE-2014-8567)
SolutionUpdate the affected mod_auth_mellon and / or mod_auth_mellon-debuginfo packages.