Security update for the Linux Kernel
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:1617-1
Final
1
1
2017-06-19T15:28:40Z
current
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions, leading to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack (bsc#1039348).
The following non-security bugs were fixed:
- There was a load failure in the sha-mb encryption implementation (bsc#1037384).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-994,SUSE-SLE-DESKTOP-12-SP2-2017-994,SUSE-SLE-HA-12-SP2-2017-994,SUSE-SLE-Live-Patching-12-2017-994,SUSE-SLE-RPI-12-SP2-2017-994,SUSE-SLE-SDK-12-SP2-2017-994,SUSE-SLE-SERVER-12-SP2-2017-994,SUSE-SLE-WE-12-SP2-2017-994
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20171617-1/
Link for SUSE-SU-2017:1617-1
https://lists.suse.com/pipermail/sle-security-updates/2017-June/002960.html
E-Mail link for SUSE-SU-2017:1617-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1037384
SUSE Bug 1037384
https://bugzilla.suse.com/1039348
SUSE Bug 1039348
https://www.suse.com/security/cve/CVE-2017-1000364/
SUSE CVE CVE-2017-1000364 page
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise High Availability Extension 12 SP2
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP2
kernel-default-4.4.59-92.20.2
kernel-default-devel-4.4.59-92.20.2
kernel-default-extra-4.4.59-92.20.2
kernel-devel-4.4.59-92.20.2
kernel-macros-4.4.59-92.20.2
kernel-source-4.4.59-92.20.2
kernel-syms-4.4.59-92.20.2
cluster-md-kmp-default-4.4.59-92.20.2
cluster-network-kmp-default-4.4.59-92.20.2
dlm-kmp-default-4.4.59-92.20.2
gfs2-kmp-default-4.4.59-92.20.2
ocfs2-kmp-default-4.4.59-92.20.2
kgraft-patch-4_4_59-92_20-default-1-2.1
kernel-default-base-4.4.59-92.20.2
kernel-docs-4.4.59-92.20.3
kernel-obs-build-4.4.59-92.20.2
kernel-default-man-4.4.59-92.20.2
kernel-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
kernel-default-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
kernel-default-extra-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
kernel-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
kernel-macros-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
kernel-source-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
kernel-syms-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Desktop 12 SP2
cluster-md-kmp-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP2
cluster-network-kmp-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP2
dlm-kmp-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP2
gfs2-kmp-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP2
ocfs2-kmp-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP2
kgraft-patch-4_4_59-92_20-default-1-2.1 as a component of SUSE Linux Enterprise Live Patching 12
kernel-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-default-base-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-default-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-default-man-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-macros-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-source-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-syms-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server 12 SP2
kernel-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-default-base-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-default-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-macros-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-source-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-syms-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
kernel-default-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-default-base-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-default-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-default-man-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-devel-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-macros-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-source-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-syms-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
kernel-docs-4.4.59-92.20.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
kernel-obs-build-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
kernel-default-extra-4.4.59-92.20.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP2
An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects Linux kernel versions 4.11.5 and earlier (the stack guard page was introduced in 2010).
CVE-2017-1000364
SUSE Linux Enterprise Desktop 12 SP2:kernel-default-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12 SP2:kernel-default-devel-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12 SP2:kernel-default-extra-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12 SP2:kernel-devel-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12 SP2:kernel-macros-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12 SP2:kernel-source-4.4.59-92.20.2
SUSE Linux Enterprise Desktop 12 SP2:kernel-syms-4.4.59-92.20.2
SUSE Linux Enterprise High Availability Extension 12 SP2:cluster-md-kmp-default-4.4.59-92.20.2
SUSE Linux Enterprise High Availability Extension 12 SP2:cluster-network-kmp-default-4.4.59-92.20.2
SUSE Linux Enterprise High Availability Extension 12 SP2:dlm-kmp-default-4.4.59-92.20.2
SUSE Linux Enterprise High Availability Extension 12 SP2:gfs2-kmp-default-4.4.59-92.20.2
SUSE Linux Enterprise High Availability Extension 12 SP2:ocfs2-kmp-default-4.4.59-92.20.2
SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-1-2.1
SUSE Linux Enterprise Server 12 SP2:kernel-default-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-default-base-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-default-devel-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-default-man-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-devel-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-macros-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-source-4.4.59-92.20.2
SUSE Linux Enterprise Server 12 SP2:kernel-syms-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-default-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-default-base-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-default-devel-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-devel-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-macros-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-source-4.4.59-92.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:kernel-syms-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-default-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-default-base-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-default-devel-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-default-man-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-devel-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-macros-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-source-4.4.59-92.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-syms-4.4.59-92.20.2
SUSE Linux Enterprise Software Development Kit 12 SP2:kernel-docs-4.4.59-92.20.3
SUSE Linux Enterprise Software Development Kit 12 SP2:kernel-obs-build-4.4.59-92.20.2
SUSE Linux Enterprise Workstation Extension 12 SP2:kernel-default-extra-4.4.59-92.20.2
important
6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
To install this SUSE Security Update, use the SUSE recommended installation methods, such as YaST online_update or "zypper patch".
https://www.suse.com/security/cve/CVE-2017-1000364.html
CVE-2017-1000364
https://bugzilla.suse.com/1039346
SUSE Bug 1039346
https://bugzilla.suse.com/1042200
SUSE Bug 1042200
https://bugzilla.suse.com/1044985
SUSE Bug 1044985
https://bugzilla.suse.com/1071943
SUSE Bug 1071943
https://bugzilla.suse.com/1075506
SUSE Bug 1075506
https://bugzilla.suse.com/1077345
SUSE Bug 1077345
https://bugzilla.suse.com/1115893
SUSE Bug 1115893
https://bugzilla.suse.com/1149726
SUSE Bug 1149726