Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

Ubuntu 18.04 LTS: 0052-1 Critical: Linux Kernel Denial Of Service

ubuntu
Calendar Grey June 18, 2019
Dist Ubuntu Esm H88
Numerous vulnerabilities were addressed in the core kernel of Ubuntu impacting multiple versions and hardware platforms.
Several security issues were fixed in the kernel.

Summary

Several security issues were fixed in the kernel.

Software Description:

- linux: Linux kernel

Details:

Jonathan Looney discovered that an integer overflow existed in the Linux

kernel when handling TCP Selective Acknowledgments (SACKs). A remote

attacker could use this to cause a denial of service (system crash).

(CVE-2019-11477)

Jonathan Looney discovered that the TCP retransmission queue implementation

in the Linux kernel could be fragmented when handling certain TCP Selective

Acknowledgment (SACK) sequences. A remote attacker could use this to cause

a denial of service. (CVE-2019-11478)

Update Instructions

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 52.3     | generic, lowlatency      |
| 4.4.0-150.176            | 52.3     | generic, lowlatency      |
| 4.15.0-50.54             | 52.3     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 52.3     | generic, lowlatency      |
| 4.15.0-51.55             | 52.3     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 52.3     | generic, lowlatency      |

References

CVE-2019-11477, CVE-2019-11478

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

June 18, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.