Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

SUSE: 2019:1668-1 Important: Kernel Patch Fixes Memory Corruption

suse
Calendar Grey June 21, 2019
Dist Suse Esm H88
SUSE Security Update addresses important kernel memory corruption issues with critical patches for SLE 12 SP1 systems.

An update that fixes four vulnerabilities is now available.

Summary

This update for the Linux Kernel 3.12.74-60_64_107 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)

References

#1133191 #1136446 #1137597

Cross- CVE-2019-11477 CVE-2019-11478 CVE-2019-11487

CVE-2019-3846

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2019-11477.html

https://www.suse.com/security/cve/CVE-2019-11478.html

https://www.suse.com/security/cve/CVE-2019-11487.html

https://www.suse.com/security/cve/CVE-2019-3846.html

https://bugzilla.suse.com/1133191

https://bugzilla.suse.com/1136446

https://bugzilla.suse.com/1137597

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:1668-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.