Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

SUSE: 2019:1674-1 Important Linux Kernel Live Patch Memory Corruption

suse
Calendar Grey June 21, 2019
Dist Suse Esm H88
Important security update for SUSE Linux kernel addresses multiple vulnerabilities, ensuring system integrity.

An update that fixes 5 vulnerabilities is now available.

Summary

This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)

References

#1133191 #1135280 #1136446 #1136935 #1137597

Cross- CVE-2019-11085 CVE-2019-11477 CVE-2019-11478

CVE-2019-11487 CVE-2019-3846

Affected Products:

SUSE Linux Enterprise Live Patching 12-SP4

https://www.suse.com/security/cve/CVE-2019-11085.html

https://www.suse.com/security/cve/CVE-2019-11477.html

https://www.suse.com/security/cve/CVE-2019-11478.html

https://www.suse.com/security/cve/CVE-2019-11487.html

https://www.suse.com/security/cve/CVE-2019-3846.html

https://bugzilla.suse.com/1133191

https://bugzilla.suse.com/1135280

https://bugzilla.suse.com/1136446

https://bugzilla.suse.com/1136935

https://bugzilla.suse.com/1137597

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:1674-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.