author: Salvatore Bonaccorso <carnil@debian.org> 2019-06-17 14:38:21 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-06-17 14:38:21 +0200
commit: 7e999912e00691c392e8b2dc53e6c8b2ecac099b
tree: 180bf5bbfd8a3bf5cecdca336de3c0418b3c1909 /dsa-texts/4.9.168-1+deb9u3
parent: 53225233281858c83a789a7b27be14866cd1eb7a
Start draft for 4.9.168-1+deb9u3 advisory
Diffstat (limited to 'dsa-texts/4.9.168-1+deb9u3')
-rw-r--r-- dsa-texts/4.9.168-1+deb9u3 60
1 file changed, 60 insertions, 0 deletions
diff --git a/dsa-texts/4.9.168-1+deb9u3 b/dsa-texts/4.9.168-1+deb9u3
new file mode 100644
index 00000000..ccde2e61
--- /dev/null
+++ b/dsa-texts/4.9.168-1+deb9u3
@@ -0,0 +1,60 @@
+Package : linux
+CVE ID : CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833 VE-2019-11884 CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503
+Debian Bug : 928989
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2019-10126
+
+CVE-2019-11477
+
+ Jonathan Looney reported that a specially crafted sequence of TCP
+ selective acknowledgements (SACKs) allows a remotely triggerable
+ kernel panic.
+
+CVE-2019-11478
+
+ Jonathan Looney reported that a specially crafted sequence of TCP
+ selective acknowledgements (SACKs) will fragment the TCP
+ retransmission queue, allowing an attacker to cause excessive
+ ressource usage.
+
+CVE-2019-11479
+
+ Jonathan Looney reported that an attacker could force the Linux
+ kernel to segment its responses into multiple TCP segments, each of
+ which contains only 8 bytes of data, drastically increasing the
+ bandwidth required to deliver the same amount of data.
+
+ This update introduces a new sysctl value to control the minimal MSS
+ (net.ipv4.tcp_min_snd_mss) which by default uses the formerly hard-
+ coded value of '48'. To fully protect your systems you need to raise
+ this setting to a value which fits your local network requirements.
+
+CVE-2019-11486
+
+CVE-2019-11599
+
+CVE-2019-11815
+
+ It was discovered that a use-after-free in the Reliable Datagram
+ Sockets protocol (blacklisted by default in Debian) could result in
+ denial of service and potentially privilege escalation.
+
+CVE-2019-11833
+
+CVE-2019-11884
+
+CVE-2019-3846
+
+CVE-2019-5489
+
+CVE-2019-9500 CVE-2019-9503
+
+ Hugues Anguelkov discovered a buffer overflow and missing access
+ validation in the Broadcom Wifi driver, which could result in denial
+ of service or the execution of arbitrary code.
+
+stretch: 4.9.168-1+deb9u3
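
Review bot: The "CVE ID" header line lists "VE-2019-11884" without its leading "C", so anything that matches identifiers on the CVE-YYYY-NNNN pattern will not tie this advisory to CVE-2019-11884; it should read "CVE-2019-11884". In the CVE-2019-11478 paragraph, "ressource usage" should be "resource usage". Seven entries (CVE-2019-10126, CVE-2019-11486, CVE-2019-11599, CVE-2019-11833, CVE-2019-11884, CVE-2019-3846 and CVE-2019-5489) are bare headings with no description and need text before the draft goes out. The CVE-2019-11479 paragraph says net.ipv4.tcp_min_snd_mss keeps the former hard-coded default of '48' and that administrators must raise it to be fully protected, but it gives no hint of how to pick a value; a short sentence on what constrains the choice would make that instruction actionable. The quoting of '48' is also inconsistent with the unquoted "8 bytes" in the same entry.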
