Slackware Local Security Checks : Slackware: Security Advisory (SSA:2017-177-01)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.13.2017.177.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2017-177-01)
Summary:	The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2017-177-01 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2017-177-01 advisory. Vulnerability Insight: New kernel packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.74/: Upgraded. This kernel fixes two 'Stack Clash' vulnerabilities reported by Qualys. The first issue may allow attackers to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions. The second issue can be exploited to bypass certain security restrictions and perform unauthorized actions. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: [links moved to references] ( Security fix *) +--------------------------+ Affected Software/OS: 'kernel' package(s) on Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000364 BugTraq ID: 99130 http://www.securityfocus.com/bid/99130 Debian Security Information: DSA-3886 (Google Search) http://www.debian.org/security/2017/dsa-3886 https://www.exploit-db.com/exploits/45625/ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt RedHat Security Advisories: RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1482 RedHat Security Advisories: RHSA-2017:1483 https://access.redhat.com/errata/RHSA-2017:1483 RedHat Security Advisories: RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1484 RedHat Security Advisories: RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1485 RedHat Security Advisories: RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1486 RedHat Security Advisories: RHSA-2017:1487 https://access.redhat.com/errata/RHSA-2017:1487 RedHat Security Advisories: RHSA-2017:1488 https://access.redhat.com/errata/RHSA-2017:1488 RedHat Security Advisories: RHSA-2017:1489 https://access.redhat.com/errata/RHSA-2017:1489 RedHat Security Advisories: RHSA-2017:1490 https://access.redhat.com/errata/RHSA-2017:1490 RedHat Security Advisories: RHSA-2017:1491 https://access.redhat.com/errata/RHSA-2017:1491 RedHat Security Advisories: RHSA-2017:1567 https://access.redhat.com/errata/RHSA-2017:1567 RedHat Security Advisories: RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1616 RedHat Security Advisories: RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1647 RedHat Security Advisories: RHSA-2017:1712 https://access.redhat.com/errata/RHSA-2017:1712 http://www.securitytracker.com/id/1038724 Common Vulnerability Exposure (CVE) ID: CVE-2017-1000365 BugTraq ID: 99156 http://www.securityfocus.com/bid/99156 Debian Security Information: DSA-3927 (Google Search) http://www.debian.org/security/2017/dsa-3927 Debian Security Information: DSA-3945 (Google Search) http://www.debian.org/security/2017/dsa-3945
Copyright	Copyright (C) 2022 Greenbone AG