
Mageia: 2019-0195 Critical: Kernel Denial of Service Vulnerabilities

June 20, 2019
Revised kernel components tackle various vulnerabilities within the Mageia environment, enhancing both safety and performance as of June 2019.

Summary

This kernel update is based on the upstream 4.14.127 and fixes at least the following security issues:
Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection (CVE-2019-5599).
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (CVE-2019-11477).
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service (CVE-2019-11478).
Jonathan Looney discovered that the Linux kernel d...


References

- https://bugs.mageia.org/show_bug.cgi?id=24972

- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.122

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.123

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.124

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.125

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.126

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127

- https://www.cve.org/CVERecord?id=CVE-2019-5599

- https://www.cve.org/CVERecord?id=CVE-2019-11477

- https://www.cve.org/CVERecord?id=CVE-2019-11478

- https://www.cve.org/CVERecord?id=CVE-2019-11479

Resolution

SRPMS

- 6/core/kernel-4.14.127-1.mga6

- 6/core/kernel-userspace-headers-4.14.127-1.mga6

- 6/core/kmod-vboxadditions-6.0.8-4.mga6

- 6/core/kmod-virtualbox-6.0.8-4.mga6

- 6/core/kmod-xtables-addons-2.13-88.mga6

- 6/core/wireguard-tools-0.0.20190601-1.mga6
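A quick host check against the fixed version listed above, added here as an example and not part of the Mageia advisory: it classifies a kernel release string relative to upstream 4.14.127. The function names and the sample release strings (including the `-desktop-1.mga6` suffix format) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel release against this advisory's fixed version.
FIXED_UPSTREAM="4.14.127"   # upstream version named in the advisory

# Print the leading dotted numeric version of a release string.
upstream_of() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Succeed if version $1 >= version $2, comparing components numerically
# (a plain string compare would rank 4.14.9 above 4.14.127).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "patched", "needs-update" or "out-of-scope" for a release string.
# Only the 4.14 series is judged; other series got their fixes in other
# point releases that this advisory does not list.
classify_kernel() {
    up=$(upstream_of "$1")
    case "$up" in
        4.14|4.14.*) ;;
        *) echo "out-of-scope"; return 0 ;;
    esac
    if version_ge "$up" "$FIXED_UPSTREAM"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Constructed sample release strings (the -desktop-1.mga6 suffix is an assumed
# format), followed by the kernel this host is actually running.
for rel in 4.14.127-desktop-1.mga6 4.14.121-desktop-1.mga6 4.14.9 5.1.11 "$(uname -r)"; do
    printf '%-28s %s\n' "$rel" "$(classify_kernel "$rel")"
done
```

`uname -r` reports the running kernel, so a host that has installed the update but not yet rebooted still shows the old release.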

Severity
critical

Publication date: 21 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0195.html
Type: security
CVE: CVE-2019-5599, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
