[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ubuntu-security-announce
Subject:    [LSN-0052-1] Linux kernel vulnerability
From:       benjamin.romer () canonical ! com
Date:       2019-06-18 12:52:11
Message-ID: c825cfad868acd44c5bfa37d8451f8c15e3dbbf7.camel () canonical ! com
[Download RAW message or body]

==========================================================================
Kernel Live Patch Security Notice 0052-1
June 18, 2019

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Jonathan Looney discovered that an integer overflow existed in the Linux
kernel when handling TCP Selective Acknowledgments (SACKs). A remote
attacker could use this to cause a denial of service (system crash). 
(CVE-2019-11477)

Jonathan Looney discovered that the TCP retransmission queue implementation
in the Linux kernel could be fragmented when handling certain TCP Selective
Acknowledgment (SACK) sequences. A remote attacker could use this to cause
a denial of service. (CVE-2019-11478)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 52.3     | generic, lowlatency      |
| 4.4.0-150.176            | 52.3     | generic, lowlatency      |
| 4.15.0-50.54             | 52.3     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 52.3     | generic, lowlatency      |
| 4.15.0-51.55             | 52.3     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 52.3     | generic, lowlatency      |

References:
  CVE-2019-11477, CVE-2019-11478


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic