User login
Qlustar: Install and enjoy!

[QSA-0628171] Linux kernel vulnerability

Qlustar Security Advisory 0628171

June 28th, 2017


The system could crash or be made to run programs as an administrator. This update includes a fix for the dangerous stack clash vulnerability. You're urged to upgrade your systems as soon as possible.

    Package(s)       : linux-image-ql-generic,
    Qlustar releases : 9.1 / 9.2
    Affected versions: All versions prior to this update
    Vulnerability    : privilege escalation/denial of service
    Problem type     : local
    Qlustar-specific : no
    CVE Id(s)        : CVE-2017-1000364

A vulnerability has been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem(s):


It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. This the so-called stack clash vulnerability

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):

    linux-image-ql-generic                     3.12.74-ql-generic-9.1-89
glqxz9283 sfy39587stf02 mnesdcuix8