Scientific Linux Security Update : kernel on SL5.x i386/x86_64

High Nessus Plugin ID 89957


The remote Scientific Linux host is missing one or more security updates.


- An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important)

- It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host.
(CVE-2015-2151, Important)

This update also fixes the following bugs :

- Previously, the CPU power of a CPU group could be zero.
As a consequence, a kernel panic occurred at 'find_busiest_group+570' with do_divide_error. The provided patch ensures that the division is only performed if the CPU power is not zero, and the aforementioned panic no longer occurs.

- Prior to this update, a bug occurred when performing an online resize of an ext4 file system which had been previously converted from ext3. As a consequence, the kernel crashed. The provided patch fixes online resizing for such file systems by limiting the blockgroup search loop for non- extent files, and the mentioned kernel crash no longer occurs.

The system must be rebooted for this update to take effect.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 89957

File Name: sl_20160315_kernel_on_SL5_x.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2016/03/16

Modified: 2016/03/16

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2016/03/15

Reference Information

CVE: CVE-2013-2596, CVE-2015-2151