 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.4.2017.1628.1 |
| Category: | SuSE Local Security Checks |
| Title: | SUSE: Security Advisory (SUSE-SU-2017:1628-1) |
| Summary: | The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:1628-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:1628-1 advisory. Vulnerability Insight: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic is now using rport->dd_data to check if rport is online instead of rport_lookup (bsc#1035920). - The rport check location in fnic_queuecommand_lck was corrected (bsc#1035920). - xfs: remove patches that caused regression (bsc#1043234). - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364, bnc#1042921). - PCI: Allow access to VPD attributes with size 0 (bsc#1018074). Affected Software/OS: 'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP4. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-1000364 BugTraq ID: 99130 http://www.securityfocus.com/bid/99130 Debian Security Information: DSA-3886 (Google Search) http://www.debian.org/security/2017/dsa-3886 https://www.exploit-db.com/exploits/45625/ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt RedHat Security Advisories: RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1482 RedHat Security Advisories: RHSA-2017:1483 https://access.redhat.com/errata/RHSA-2017:1483 RedHat Security Advisories: RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1484 RedHat Security Advisories: RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1485 RedHat Security Advisories: RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1486 RedHat Security Advisories: RHSA-2017:1487 https://access.redhat.com/errata/RHSA-2017:1487 RedHat Security Advisories: RHSA-2017:1488 https://access.redhat.com/errata/RHSA-2017:1488 RedHat Security Advisories: RHSA-2017:1489 https://access.redhat.com/errata/RHSA-2017:1489 RedHat Security Advisories: RHSA-2017:1490 https://access.redhat.com/errata/RHSA-2017:1490 RedHat Security Advisories: RHSA-2017:1491 https://access.redhat.com/errata/RHSA-2017:1491 RedHat Security Advisories: RHSA-2017:1567 https://access.redhat.com/errata/RHSA-2017:1567 RedHat Security Advisories: RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1616 RedHat Security Advisories: RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1647 RedHat Security Advisories: RHSA-2017:1712 https://access.redhat.com/errata/RHSA-2017:1712 http://www.securitytracker.com/id/1038724 |
| Copyright | Copyright (C) 2021 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |