Описание
Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2)
This update for the Linux Kernel 4.4.121-92_101 fixes several issues.
The following security issues were fixed:
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446).
- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)
- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP3
SUSE Linux Enterprise Live Patching 12 SP4
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
Ссылки
- Link for SUSE-SU-2019:1671-1
- E-Mail link for SUSE-SU-2019:1671-1
- SUSE Security Ratings
- SUSE Bug 1133191
- SUSE Bug 1136446
- SUSE Bug 1136935
- SUSE Bug 1137597
- SUSE CVE CVE-2019-11477 page
- SUSE CVE CVE-2019-11478 page
- SUSE CVE CVE-2019-11487 page
- SUSE CVE CVE-2019-3846 page
Описание
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Затронутые продукты
Ссылки
- CVE-2019-11477
- SUSE Bug 1132686
- SUSE Bug 1137586
- SUSE Bug 1142129
- SUSE Bug 1153242
Описание
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Затронутые продукты
Ссылки
- CVE-2019-11478
- SUSE Bug 1132686
- SUSE Bug 1137586
- SUSE Bug 1142129
- SUSE Bug 1143542
Описание
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
Затронутые продукты
Ссылки
- CVE-2019-11487
- SUSE Bug 1133190
- SUSE Bug 1133191
Описание
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Затронутые продукты
Ссылки
- CVE-2019-3846
- SUSE Bug 1136424
- SUSE Bug 1136446
- SUSE Bug 1156330