[BESAdmin-Announcements] IBM BigFix Patch released additional CentOS and Ubuntu Fixlets for the Stack Clash Vulnerabilites

Thu Jun 22 03:52:06 PDT 2017

IBM BigFix Patch has released additional Fixlets to address the Stack 
Clash Vulnerabilities for CVE 2017-1000364, CVE 2017-1000366, and 
CVE-2017-1000367. 

Patches for CentOS6 R2 site, version 11
Patches for CentOS7 R2 site, version 10
Patches for Ubuntu 1401 site, version 206

The CVEs vary for CentOS 6 and CentOS 7. For CentOS 6, CVE-2017-1000364 is 
known as CESA-2017:1486 and CVE-2017-1000366 is known as CESA-2017:1480. 
For CentOS 7, CVE-2017-1000364 is known as CESA-2017:1484 and 
CVE-2017-1000366 is known as CESA-2017:1481. CVE-2017-1000367 is known as 
CESA-2017:1382 in both CentOS 6 and CentOS 7.

NOTE: BigFix is unable to publish the Fixlets for some operating systems 
because the vendors have not published the patches for these CVEs yet. 
BigFix will publish the Fixlets for these operating systems as soon as the 
patches become available:
Oracle Linux 6 and Oracle Linux 7: CVE-2017-1000367
SUSE Linux Enterprise Desktop 11: CVE 2017-1000364 and CVE 2017-1000366
SUSE Linux Enterprise Desktop/Server 11 and SUSE Linux Enterprise Server 
11z: CVE-2017-1000367
Ubuntu 1404: CVE 2017-1000364
Ubuntu 1604: CVE 2017-1000364, CVE 2017-1000366, and CVE-2017-1000367

Actions to Take:
Given the serious nature of these vulnerabilities, it is advisable to 
upgrade your systems immediately or apply the patch as soon as possible.
No other action is required after applying the Fixlets.

Additional Information:
For more information, see the following sources:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367

Application Engineering team
IBM BigFix Patch

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20170622/d41fe0a2/attachment.html>