Hello Everyone!

I am in the process of testing SLES 12 SP1 and have found that the network security scanner Qualys (www.qualys.com) detects an older version of the kernel ( lower than 3.14.9/3.15.2 ) and thinks the kernel is vulnerable to the LZO memory Corruption Vulnerability (QID 122360 ). I have not tested to see if the kernel is actually vulnerable but i am pretty confident it's not and that SUSE has back ported the kernel without that vulnerability. The problem is that Qualys, being the sticklers that they are want a published website from SUSE that states the kernel is not vulnerable. Here's where it get's a bit tricky. The vulnerability was published (July 2014) before the release date of SLES 12 (October 2014) and there's not going to be a website that details that the kernel has been back ported. Sigh... That being said, is there someone out there that can reference a doc that states SLES 12 is not vulnerable to this?

Thanks!