blob: f210ff15fac67a53a7cdde4566ab585b812cfd1a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
Package : linux
CVE ID : CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11599 CVE-2019-11815 CVE-2019-11833 VE-2019-11884 CVE-2019-3846 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503
Debian Bug : 928989
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2019-10126
CVE-2019-11477
Jonathan Looney reported that a specially crafted sequence of TCP
selective acknowledgements (SACKs) allows a remotely triggerable
kernel panic.
CVE-2019-11478
Jonathan Looney reported that a specially crafted sequence of TCP
selective acknowledgements (SACKs) will fragment the TCP
retransmission queue, allowing an attacker to cause excessive
resource usage.
CVE-2019-11479
Jonathan Looney reported that an attacker could force the Linux
kernel to segment its responses into multiple TCP segments, each of
which contains only 8 bytes of data, drastically increasing the
bandwidth required to deliver the same amount of data.
This update introduces a new sysctl value to control the minimal MSS
(net.ipv4.tcp_min_snd_mss) which by default uses the formerly hard-
coded value of '48'. To fully protect your systems you need to raise
this setting to a value which fits your local network requirements.
CVE-2019-11486
CVE-2019-11599
CVE-2019-11815
It was discovered that a use-after-free in the Reliable Datagram
Sockets protocol (blacklisted by default in Debian) could result in
denial of service and potentially privilege escalation.
CVE-2019-11833
CVE-2019-11884
CVE-2019-3846
CVE-2019-5489
CVE-2019-9500 CVE-2019-9503
Hugues Anguelkov discovered a buffer overflow and missing access
validation in the Broadcom Wifi driver, which could result in denial
of service or the execution of arbitrary code.
stretch: 4.9.168-1+deb9u3
|