SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- A stack overflow vulnerability was found in
_nss_dns_getnetbyname_r. On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user- provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)
This issue was discovered by Florian Weimer (Red Hat).
Additional Changes :
SolutionUpdate the affected packages.