Scientific Linux Security Update : openafs on SL5.x, SL6.x, SL7.x i386/x86_64
Medium Nessus Plugin ID 85150
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionAll server platforms
* Fix for CVE-2015-3282: vos leaks stack data onto the wire in the clear when creating vldb entries
* Workaround for CVE-2015-3283: bos commands can be spoofed, including some which alter server state
* Disabled searching the VLDB by volume name regular expression to avoid possible buffer overruns in the volume location server
All client platforms
* Fix for CVE-2015-3284: pioctls leak kernel memory
* Fix for CVE-2015-3285: kernel pioctl support for OSD command passing can trigger a panic
After installing the update, you must restart your AFS connections and AFS services.
SolutionUpdate the affected packages.