
[QSA-0628171] Linux kernel vulnerability

Qlustar Security Advisory 0628171

June 28th, 2017


Summary:

The system could crash or be made to run programs as an administrator. This update includes a fix for the dangerous stack clash vulnerability. You're urged to upgrade your systems as soon as possible.


    Package(s)       : linux-image-ql-generic,
                       qlustar-module-core-trusty-amd64-9.2.0,
                       qlustar-module-core-wheezy-amd64-9.1.1
    Qlustar releases : 9.1 / 9.2
    Affected versions: All versions prior to this update
    Vulnerability    : privilege escalation/denial of service
    Problem type     : local
    Qlustar-specific : no
    CVE Id(s)        : CVE-2017-1000364
  

A vulnerability has been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem(s):

CVE-2017-1000364

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. This is the so-called stack clash vulnerability.

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):

    linux-image-ql-generic                     3.12.74-ql-generic-9.1-89
    qlustar-module-core-trusty-amd64-9.2.0     9.2.0.1-b463f1072
    qlustar-module-core-wheezy-amd64-9.1.1     9.1.1.5-b461f1071
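
One way to check a node against the fixed versions listed above. This is an added example, not part of the Qlustar advisory. It assumes the packages are installed as Debian packages that `dpkg-query` can report on, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: compare installed package versions with the fixed
# versions from QSA-0628171 (package names and versions copied from the advisory).
FIXED="linux-image-ql-generic 3.12.74-ql-generic-9.1-89
qlustar-module-core-trusty-amd64-9.2.0 9.2.0.1-b463f1072
qlustar-module-core-wheezy-amd64-9.1.1 9.1.1.5-b461f1071"

# version_ge A B: succeed if version A is the same as or newer than B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for hosts without dpkg: sort -V only approximates
        # Debian version ordering.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n1)" = "$1" ]
    fi
}

# classify PKG INSTALLED_VERSION: print fixed, vulnerable,
# not-installed, or not-listed (package not named in the advisory).
classify() {
    pkg=$1; inst=$2
    fixed=$(printf '%s\n' "$FIXED" | awk -v p="$pkg" '$1 == p { print $2 }')
    [ -n "$fixed" ] || { echo "not-listed"; return; }
    [ -n "$inst" ] || { echo "not-installed"; return; }
    if version_ge "$inst" "$fixed"; then echo "fixed"; else echo "vulnerable"; fi
}

# check_host: look up each advisory package on this node and report its status.
# Assumption: installed versions are visible to dpkg-query on the node checked.
check_host() {
    printf '%s\n' "$FIXED" | while read -r pkg rest; do
        inst=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null || true)
        printf '%-42s %-28s %s\n' "$pkg" "${inst:-<none>}" "$(classify "$pkg" "$inst")"
    done
}

check_host
```

Any line reported as `vulnerable` means the package is older than the version given in this advisory and should be updated.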
  