SUSE products and a new security bug class referred to as "Stack Clash".
This document (7020973) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 12 Service Pack 1 LTSS (SLES 12 SP1 LTSS)
SUSE Linux Enterprise Server 12 GA LTSS (SLES 12 GA LTSS)
SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 10 Service Pack 4 LTSS (SLES 10 SP4 LTSS)
Expanded support 7 (RES7)
Expanded support 6 (RES6)
Expanded support 5 (RES5)
How does it work...
To mitigate this class of attacks we will be doing the following :
- Linux Kernels are being released immediately.
- glibc packages are being released immediately.
- gcc (GNU Compiler Collection) updates will be released in the near future.
- Various applications might be updated in the near future.
SLES 12 SP2:4.4.59-92.20.2 initial kernel released Monday, 19th of June 2017SLES 12 SP1 LTSS:
4.4.59-92.42.2 incremental kernel update released Wednesday, 28th of June .3.12.74-22.214.171.124 initial kernel released Monday, 19th of June 2017SLES 12 GA LTSS:
3.12.74-126.96.36.199 incremental kernel update released Tuesday, 27th of June 20173.12.61-52.77.1 initial kernel released Monday, 19th of June 2017SLES 11 SP4:
3.12.61-52.80.1 incremental kernel update pending release.3.0.101-104.2 initial kernel released Tuesday, 20th of June 2017SLES 11 SP3 LTSS:
3.0.101-107.1 incremental kernel update released Monday, 26th of June 20173.0.101-0.47.102.1 initial kernel released Monday, 19th of June 2017
3.0.101-0.47.105.1 incremental kernel update released Tuesday, 27th of June.
SLES 12 SP2:Note 1:glibc 2.22-61.3 released Monday, 19th of June 2017SLES 12 SP1 LTSS:glibc 2.19-40.6.1 released Monday, 19th of June 2017SLES 12 GA LTSS:glibc 2.19-22.21.1 released Monday, 19th of June 2017SLES 11 SP4:glibc 2.11.3-17.109.1 released Monday, 19th of June 2017SLES 11 SP3 LTSS:glibc 2.11.3-17.109.1 released Monday, 19th of June 2017
For customers with active LTSS Subscriptions for SLES 10 SP4 it is required to open a Service Request through the SUSE Customer Center and request a PTF.
Older SUSE Linux Enterprise versions already had variable heap-stack-gap support.
As such, on SUSE Linux Enterprise 10, it is possible to use a sysctl variable to adjust the heap stack gap.
Temporary during run-time :
echo 256 > /proc/sys/vm/heap-stack-gapPermanently by adding the following line into /etc/sysctl.conf
vm.heap-stack-gap = 256
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7020973
- Creation Date: 16-Jun-2017
- Modified Date:03-Mar-2020
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: firstname.lastname@example.org