[prev in list] [next in list] [prev in thread] [next in thread]
List: openvz-announce
Subject: [Announce] Kernel RHEL6 042stab139.1
From: Vasily Averin <vvs () openvz ! org>
Date: 2019-06-20 12:54:57
Message-ID: 7095bb26-1486-4618-6630-48a56b51264d () virtuozzo ! com
[Download RAW message or body]
OpenVZ project released an updated RHEL6 based kernel.
Read below for more information. Everyone is advised to update.
Changes and Download
====================
(since 042stab138.1)
* Rebase to RHEL6u10 kernel 2.6.32-754.15.3.el6
* [Important] An integer overflow flaw was found in the way the Linux kernel's \
networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While \
processing SACK segments, the Linux kernel's socket buffer (SKB) data structure \
becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To \
efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs \
into one, potentially overflowing the variable holding the number of segments. A \
remote attacker could use this flaw to crash the Linux kernel by sending a crafted \
sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting \
in a denial of service (DoS) (CVE-2019-11477)
* [Moderate] An excessive resource consumption flaw was found in the way the Linux \
kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. \
While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure \
becomes fragmented, which leads to increased resource utilization to traverse and \
process these fragments as further SACK segments are received on the same TCP \
connection. A remote attacker could use this flaw to cause a denial of service (DoS) \
by sending a crafted sequence of SACK segments on a TCP connection \
(CVE-2019-11478)
* [Moderate] An excessive resource consumption flaw was found in the way the Linux \
kernel's networking subsystem processed TCP segments. If the Maximum Segment Size \
(MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as \
little as 8 bytes for the user data, which significantly increases the Linux kernel's \
resource (CPU, Memory, and Bandwidth) utilization. A remote attacker could use this \
flaw to cause a denial of service (DoS) by repeatedly sending network traffic on a \
TCP connection with low TCP MSS (CVE-2019-11479)
* [Important] A double-free can happen in idr_remove_all() in lib/idr.c in the Linux \
kernel. An unprivileged local attacker can use this flaw for a privilege escalation \
or for a system crash and a denial of service (DoS) (CVE-2019-3896)
=== See also ===
https://access.redhat.com/errata/RHSA-2019:1488
https://www.redhat.com/security/data/cve/CVE-2019-11477.html
https://www.redhat.com/security/data/cve/CVE-2019-11478.html
https://www.redhat.com/security/data/cve/CVE-2019-11479.html
https://www.redhat.com/security/data/cve/CVE-2019-3896.html
https://access.redhat.com/security/vulnerabilities/tcpsack
For more info and downloads, see:
https://openvz.org/Download/kernel/rhel6/042stab139.1
Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.
Regards,
OpenVZ team
_______________________________________________
Announce mailing list
Announce@openvz.org
https://lists.openvz.org/mailman/listinfo/announce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic