Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Mageia: 2019-0197 Moderate Security Update for Kernel-Linus - Memory Issue

mageia
Calendar Grey June 20, 2019
Dist Mageia Esm H88
Mageia kernel-linus security update resolves denial of service and memory corruption issues, enhancing system protection.
This kernel-linus update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequen...

Summary

This kernel-linus update is based on the upstream 4.14.127 and fixes atleast the following security issues:
Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection (CVE-2019-5599).
A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects (CVE-2019-10142).
Jonathan Looney discovered that t...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24974

- https://bugs.mageia.org/show_bug.cgi?id=24840

- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.122

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.123

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.124

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.125

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.126

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127

- https://www.cve.org/CVERecord?id=CVE-2019-5599

- https://www.cve.org/CVERecord?id=CVE-2019-10142

- https://www.cve.org/CVERecord?id=CVE-2019-11477

- https://www.cve.org/CVERecord?id=CVE-2019-11478

- https://www.cve.org/CVERecord?id=CVE-2019-11479

- https://www.cve.org/CVERecord?id=CVE-2019-11833

Topics%20covered

Topics Covered

security advisory denial of service memory corruption kernel information disclosure network attack Mageia

Resolution

SRPMS

- 6/core/kernel-linus-4.14.127-1.mga6

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 21 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0197.html
Type: security
CVE: CVE-2019-5599, CVE-2019-10142, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11833

Topics%20covered

Topics Covered

security advisory denial of service memory corruption kernel information disclosure network attack Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here