Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1882-1

Опубликовано: 18 июл. 2019
Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 10 for SLE 15)

This update for the Linux Kernel 4.12.14-150_17 fixes several issues.

The following security issues were fixed:

  • CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586)
  • CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586)
  • CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424).

This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747).

Список пакетов

SUSE Linux Enterprise Live Patching 15
kernel-livepatch-4_12_14-25_3-default-11-2.1
kernel-livepatch-4_12_14-25_6-default-10-2.1
kernel-livepatch-4_12_14-25_13-default-8-2.1
kernel-livepatch-4_12_14-25_16-default-7-2.1
kernel-livepatch-4_12_14-25_19-default-7-2.1
kernel-livepatch-4_12_14-25_22-default-6-2.1
kernel-livepatch-4_12_14-25_25-default-5-2.1
kernel-livepatch-4_12_14-25_28-default-4-2.1
kernel-livepatch-4_12_14-150_14-default-3-2.1
kernel-livepatch-4_12_14-150_17-default-3-2.1

Ссылки

Описание

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_14-default-3-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_17-default-3-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_13-default-8-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_16-default-7-2.1
Ссылки

Описание

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_14-default-3-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_17-default-3-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_13-default-8-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_16-default-7-2.1
Ссылки

Описание

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_14-default-3-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-150_17-default-3-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_13-default-8-2.1
SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_16-default-7-2.1
Ссылки