Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 18.04 LTS: 0052-1 Critical: Linux Kernel Denial Of Service

Calendar Jun 18, 2019 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service kernel integer overflow ubuntu
Several security issues were fixed in the kernel. 
=========================================================================Kernel Live Patch Security Notice 0052-1
June 18, 2019

linux vulnerability
=========================================================================
A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Jonathan Looney discovered that an integer overflow existed in the Linux
kernel when handling TCP Selective Acknowledgments (SACKs). A remote
attacker could use this to cause a denial of service (system crash). 
(CVE-2019-11477)

Jonathan Looney discovered that the TCP retransmission queue implementation
in the Linux kernel could be fragmented when handling certain TCP Selective
Acknowledgment (SACK) sequences. A remote attacker could use this to cause
a denial of service. (CVE-2019-11478)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 52.3     | generic, lowlatency      |
| 4.4.0-150.176            | 52.3     | generic, lowlatency      |
| 4.15.0-50.54             | 52.3     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 52.3     | generic, lowlatency      |
| 4.15.0-51.55             | 52.3     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 52.3     | generic, lowlatency      |

References:
  CVE-2019-11477, CVE-2019-11478


-- 
ubuntu-security-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Ubuntu 18.04 LTS: 0052-1 Critical: Linux Kernel Denial Of Service

ubuntu
Calendar Grey June 18, 2019
Dist Ubuntu Esm H88
Numerous vulnerabilities were addressed in the core kernel of Ubuntu impacting multiple versions and hardware platforms.
Several security issues were fixed in the kernel.

Summary

Topics%20covered

Topics Covered

security advisory denial of service kernel integer overflow ubuntu

Update Instructions

The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 52.3 | generic, lowlatency | | 4.4.0-150.176 | 52.3 | generic, lowlatency | | 4.15.0-50.54 | 52.3 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 52.3 | generic, lowlatency | | 4.15.0-51.55 | 52.3 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 52.3 | generic, lowlatency |

References

CVE-2019-11477, CVE-2019-11478

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
critical
Lowest
Low
Medium
High
Critical

June 18, 2019

Topics%20covered

Topics Covered

security advisory denial of service kernel integer overflow ubuntu

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here