SciLinux: SLSA-2019-1488-1 Important: kernel on SL6.x i386/x86

Synopsis: Important: kernel security and bug fix update
Advisory ID:       SLSA-2019:1488-1
Issue Date:        2019-06-17
CVE Numbers:       CVE-2019-11477
                   CVE-2019-11478
                   CVE-2019-11479
                   CVE-2019-3896
--

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel's socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP
maximum segment size (MSS) bytes. To efficiently process SACK blocks, the
Linux kernel merges multiple fragmented SKBs into one, potentially
overflowing the variable holding the number of segments. A remote attacker
could use this flaw to crash the Linux kernel by sending a crafted
sequence of SACK segments on a TCP connection with small value of TCP MSS,
resulting in a denial of service (DoS). (CVE-2019-11477)

* kernel: Double free in lib/idr.c (CVE-2019-3896)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

Bug Fix(es):

* MDS mitigations not enabled on Intel Skylake CPUs

* kernel does not disable SMT with mds=full,nosmt

* md_clear flag missing from /proc/cpuinfo
--

SL6
  x86_64
    kernel-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
    kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
    kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm
    kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm
    perf-2.6.32-754.15.3.el6.x86_64.rpm
    perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
    python-perf-2.6.32-754.15.3.el6.x86_64.rpm
  i386
    kernel-2.6.32-754.15.3.el6.i686.rpm
    kernel-debug-2.6.32-754.15.3.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
    kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
    kernel-devel-2.6.32-754.15.3.el6.i686.rpm
    kernel-headers-2.6.32-754.15.3.el6.i686.rpm
    perf-2.6.32-754.15.3.el6.i686.rpm
    perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
    python-perf-2.6.32-754.15.3.el6.i686.rpm
  noarch
    kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
    kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
    kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm

- Scientific Linux Development Team
Get the Latest News & Insights
SciLinux: SLSA-2019-1488-1 Important: kernel on SL6.x i386/x86_64

Summary

Security Fixes

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
