MGASA-2019-0196 - Updated kernel-tmb packages fix security vulnerability

Publication date: 21 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0196.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-5599,
     CVE-2019-10142,
     CVE-2019-11477,
     CVE-2019-11478,
     CVE-2019-11479,
     CVE-2019-11833

This kernel-tmb update is based on the upstream 4.14.127 and fixes atleast
the following security issues:

Jonathan Looney discovered that it is possible to send a crafted sequence
of SACKs which will fragment the RACK send map. An attacker may be able to
further exploit the fragmented send map to cause an expensive linked-list
walk for subsequent SACKs received for that same TCP connection
(CVE-2019-5599).

A flaw was found in the Linux kernel's freescale hypervisor manager
implementation. A parameter passed via to an ioctl was incorrectly
validated and used in size calculations for the page size calculation.
An attacker can use this flaw to crash the system or corrupt memory
or, possibly, create other adverse security affects (CVE-2019-10142).

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value
was subject to an integer overflow in the Linux kernel when handling TCP
Selective Acknowledgments (SACKs). A remote attacker could use this to
cause a denial of service (CVE-2019-11477).

Jonathan Looney discovered that the TCP retransmission queue implementation
in tcp_fragment in the Linux kernel could be fragmented when handling
certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker
could use this to cause a denial of service (CVE-2019-11478).

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded
to 48 bytes. This allows a remote peer to fragment TCP resend queues
significantly more than if a larger MSS were enforced. A remote attacker
could use this to cause a denial of service (CVE-2019-11479).

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out
the unused memory region in the extent tree block, which might allow
local users to obtain sensitive information by reading uninitialized
data in the filesystem (CVE-2019-11833).

It also fixes an upstream regression that caused older 'legacy'
bluetooth adapters to stop working (mga #24840).

WireGuard has been updated to 0.0.20190601.

For other uptstream fixes in this update, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=24973
- https://bugs.mageia.org/show_bug.cgi?id=24840
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.122
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.123
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.124
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.125
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.126
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833

SRPMS:
- 6/core/kernel-tmb-4.14.127-1.mga6

Mageia 2019-0196: kernel-tmb security update

This kernel-tmb update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence...

Summary

This kernel-tmb update is based on the upstream 4.14.127 and fixes atleast the following security issues:
Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection (CVE-2019-5599).
A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects (CVE-2019-10142).
Jonathan Looney discovered that the...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24973

- https://bugs.mageia.org/show_bug.cgi?id=24840

- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.122

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.123

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.124

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.125

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.126

- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10142

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833

Resolution

MGASA-2019-0196 - Updated kernel-tmb packages fix security vulnerability

SRPMS

- 6/core/kernel-tmb-4.14.127-1.mga6

Severity
Publication date: 21 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0196.html
Type: security
CVE: CVE-2019-5599, CVE-2019-10142, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11833

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved