Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

SciLinux SL7: SLSA-2019-1481-1 Important Kernel Update for TCP Issues

Scientific Large Esm H446
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs in [More...]
Synopsis: Important: kernel security update
Advisory ID:       SLSA-2019:1481-1
Issue Date:        2019-06-17
CVE Numbers:       CVE-2019-11477
                   CVE-2019-11478
                   CVE-2019-11479
--

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel's socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes. To efficiently process SACK blocks, the
Linux kernel merges multiple fragmented SKBs into one, potentially
overflowing the variable holding the number of segments. A remote attacker
could use this flaw to crash the Linux kernel by sending a crafted
sequence of SACK segments on a TCP connection with small value of TCP MSS,
resulting in a denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)
--

SL7
  x86_64
    bpftool-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
    perf-3.10.0-957.21.3.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    python-perf-3.10.0-957.21.3.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
    kernel-doc-3.10.0-957.21.3.el7.noarch.rpm

- Scientific Linux Development Team