Scientific Linux Security Update : setroubleshoot on SL5.x, SL6.x, SL7.x i386/x86_64
Critical Nessus Plugin ID 82294
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. (CVE-2015-1815)
SolutionUpdate the affected packages.