LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

June 2019

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA June 2019

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: kernel on SL7.x x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 17 Jun 2019 21:16:12 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (53 lines)

Synopsis: Important: kernel security update
Advisory ID:       SLSA-2019:1481-1
Issue Date:        2019-06-17
CVE Numbers:       CVE-2019-11477
                   CVE-2019-11478
                   CVE-2019-11479
--

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel's socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes. To efficiently process SACK blocks, the
Linux kernel merges multiple fragmented SKBs into one, potentially
overflowing the variable holding the number of segments. A remote attacker
could use this flaw to crash the Linux kernel by sending a crafted
sequence of SACK segments on a TCP connection with small value of TCP MSS,
resulting in a denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)
--

SL7
  x86_64
    bpftool-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
    perf-3.10.0-957.21.3.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    python-perf-3.10.0-957.21.3.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
    kernel-doc-3.10.0-957.21.3.el7.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV