Test ID:	1.3.6.1.4.1.25623.1.1.4.2017.1617.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2017:1617-1)
Summary:	The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:1617-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:1617-1 advisory. Vulnerability Insight: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - There was a load failure in the sha-mb encryption implementation (bsc#1037384). Affected Software/OS: 'Linux Kernel' package(s) on SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2, SUSE Linux Enterprise Server for SAP Applications 12-SP2. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000364 BugTraq ID: 99130 http://www.securityfocus.com/bid/99130 Debian Security Information: DSA-3886 (Google Search) http://www.debian.org/security/2017/dsa-3886 https://www.exploit-db.com/exploits/45625/ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt RedHat Security Advisories: RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1482 RedHat Security Advisories: RHSA-2017:1483 https://access.redhat.com/errata/RHSA-2017:1483 RedHat Security Advisories: RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1484 RedHat Security Advisories: RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1485 RedHat Security Advisories: RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1486 RedHat Security Advisories: RHSA-2017:1487 https://access.redhat.com/errata/RHSA-2017:1487 RedHat Security Advisories: RHSA-2017:1488 https://access.redhat.com/errata/RHSA-2017:1488 RedHat Security Advisories: RHSA-2017:1489 https://access.redhat.com/errata/RHSA-2017:1489 RedHat Security Advisories: RHSA-2017:1490 https://access.redhat.com/errata/RHSA-2017:1490 RedHat Security Advisories: RHSA-2017:1491 https://access.redhat.com/errata/RHSA-2017:1491 RedHat Security Advisories: RHSA-2017:1567 https://access.redhat.com/errata/RHSA-2017:1567 RedHat Security Advisories: RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1616 RedHat Security Advisories: RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1647 RedHat Security Advisories: RHSA-2017:1712 https://access.redhat.com/errata/RHSA-2017:1712 http://www.securitytracker.com/id/1038724
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.