Details of VAR-201906-1174

ID

VAR-201906-1174

CVE

CVE-2019-11479

TITLE

Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels

Trust: 0.8

sources: CERT/CC: VU#905115

DESCRIPTION

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels. Linux Kernel Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:1488-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1488 Issue date: 2019-06-17 CVE Names: CVE-2019-3896 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * kernel: Double free in lib/idr.c (CVE-2019-3896) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * MDS mitigations not enabled on Intel Skylake CPUs (BZ#1710081) * RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1710121) * [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1710517) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1694812 - CVE-2019-3896 kernel: Double free in lib/idr.c 1719123 - CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service 1719128 - CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service 1719129 - CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.15.3.el6.src.rpm i386: kernel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-devel-2.6.32-754.15.3.el6.i686.rpm kernel-headers-2.6.32-754.15.3.el6.i686.rpm perf-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm kernel-doc-2.6.32-754.15.3.el6.noarch.rpm kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm x86_64: kernel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm perf-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.15.3.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm kernel-doc-2.6.32-754.15.3.el6.noarch.rpm kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm x86_64: kernel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm perf-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.15.3.el6.src.rpm i386: kernel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-devel-2.6.32-754.15.3.el6.i686.rpm kernel-headers-2.6.32-754.15.3.el6.i686.rpm perf-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm kernel-doc-2.6.32-754.15.3.el6.noarch.rpm kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm ppc64: kernel-2.6.32-754.15.3.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.15.3.el6.ppc64.rpm kernel-debug-2.6.32-754.15.3.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.15.3.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.15.3.el6.ppc64.rpm kernel-devel-2.6.32-754.15.3.el6.ppc64.rpm kernel-headers-2.6.32-754.15.3.el6.ppc64.rpm perf-2.6.32-754.15.3.el6.ppc64.rpm perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm s390x: kernel-2.6.32-754.15.3.el6.s390x.rpm kernel-debug-2.6.32-754.15.3.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.s390x.rpm kernel-debug-devel-2.6.32-754.15.3.el6.s390x.rpm kernel-debuginfo-2.6.32-754.15.3.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.15.3.el6.s390x.rpm kernel-devel-2.6.32-754.15.3.el6.s390x.rpm kernel-headers-2.6.32-754.15.3.el6.s390x.rpm kernel-kdump-2.6.32-754.15.3.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.15.3.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.15.3.el6.s390x.rpm perf-2.6.32-754.15.3.el6.s390x.rpm perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm x86_64: kernel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm perf-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.15.3.el6.ppc64.rpm perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm python-perf-2.6.32-754.15.3.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.15.3.el6.s390x.rpm kernel-debuginfo-2.6.32-754.15.3.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.15.3.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.15.3.el6.s390x.rpm perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm python-perf-2.6.32-754.15.3.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.15.3.el6.src.rpm i386: kernel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-devel-2.6.32-754.15.3.el6.i686.rpm kernel-headers-2.6.32-754.15.3.el6.i686.rpm perf-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm kernel-doc-2.6.32-754.15.3.el6.noarch.rpm kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm x86_64: kernel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm perf-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm python-perf-2.6.32-754.15.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm python-perf-2.6.32-754.15.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-3896 https://access.redhat.com/security/cve/CVE-2019-11477 https://access.redhat.com/security/cve/CVE-2019-11478 https://access.redhat.com/security/cve/CVE-2019-11479 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/tcpsack 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXQfbBdzjgjWX9erEAQjjiw//QtCd50n/kyijAWgyi02UAPD+QrPWRv6a gLSESiQGCl7YvWgt96eI5DANREmFMWQ8wB0LRku4KJ4tutBdTcyouWrHgHEYhXLB 24ZBi8HB/L9EhxKoQlHlY68ekZzbOcjqZhrL5K2xUnoVTJDo/+d+vtJgOIlrV/PC aXxRL5nez5Y8pjCiwqm37RP7OUnn6daLtqcu42DR9XovXqORrfJVo43+5HR0drLA ZB2B0ERUU+iFKpS6p9qIgfMLR9KRlMikeI+NRU/1JBjEDT5C4uT4fqULjM4a4QcR 4Cm+wN6ku7CTK8l+1RAKSAn12KMjHUfMhWT1X0XFTFl3lFifL6o6+5D0OVSM68xL k+E8pmoilN1nFk49Z9uLDbCJogLbPdgSOZohiuYLBfUE4IUy0OiCodmKRlQBxWTK tYBMbUQ1stywEGngsFAXnF7BIeC346+uvMT83TlfbhV+TNIFARjwx9ySNrV7hLes enTzE250yv7LaZ0tXGKhoPXfLif7nFFVNzupV1PM3uHDCjLYLRq5JQcd1IWCrBS0 IF5A/kp1X9zV8lO4fghj3aSXA7HwQphRBEJ4FkZSu34eqUX5rrC96X5T/8T9McOK iOKT/z03WI1mSBJUrU/x7N2v44mXr0kropqd/Yfqf6KQDJWW3aXkJJWxNMgBqiYS l+p3rcEBzDA=NzJu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Mistmach between 'tty->termios->c_lflag' and 'ldata->icanon' for 'ICANON' (BZ#1708061) * RHEL7: rwsem reader/writer mutual exclusion guarantee may not work (BZ#1709702) * hardened usercopy is causing crash (BZ#1712311) * [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update (BZ#1712991) * [RHEL7] MDS mitigations are not enabled after double microcode update (BZ#1712996) * WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90 __static_key_slow_dec+0xa6/0xb0 (BZ#1713002) * [debug kernel] [x86_64]INFO: possible circular locking dependency detected (BZ#1715326) * RHEL-7.7: tty: termios_rwsem possible deadlock (BZ#1715329) Enhancement(s): * [MCHP 7.7 FEAT] Update smartpqi driver to latest upstream (BZ#1709467) 4. ========================================================================== Ubuntu Security Notice USN-4041-1 June 29, 2019 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1010-aws 5.0.0-1010.11 linux-image-5.0.0-1010-azure 5.0.0-1010.10 linux-image-5.0.0-1010-gcp 5.0.0-1010.10 linux-image-5.0.0-1010-kvm 5.0.0-1010.11 linux-image-5.0.0-1012-raspi2 5.0.0-1012.12 linux-image-5.0.0-1016-snapdragon 5.0.0-1016.17 linux-image-5.0.0-20-generic 5.0.0-20.21 linux-image-5.0.0-20-generic-lpae 5.0.0-20.21 linux-image-5.0.0-20-lowlatency 5.0.0-20.21 linux-image-aws 5.0.0.1010.10 linux-image-azure 5.0.0.1010.9 linux-image-gcp 5.0.0.1010.10 linux-image-generic 5.0.0.20.21 linux-image-generic-lpae 5.0.0.20.21 linux-image-gke 5.0.0.1010.10 linux-image-kvm 5.0.0.1010.10 linux-image-lowlatency 5.0.0.20.21 linux-image-raspi2 5.0.0.1012.9 linux-image-snapdragon 5.0.0.1016.9 linux-image-virtual 5.0.0.20.21 Ubuntu 18.10: linux-image-4.18.0-1015-gcp 4.18.0-1015.16 linux-image-4.18.0-1016-kvm 4.18.0-1016.17 linux-image-4.18.0-1018-raspi2 4.18.0-1018.21 linux-image-4.18.0-1020-aws 4.18.0-1020.24 linux-image-4.18.0-1023-azure 4.18.0-1023.24 linux-image-4.18.0-25-generic 4.18.0-25.26 linux-image-4.18.0-25-generic-lpae 4.18.0-25.26 linux-image-4.18.0-25-lowlatency 4.18.0-25.26 linux-image-4.18.0-25-snapdragon 4.18.0-25.26 linux-image-aws 4.18.0.1020.20 linux-image-azure 4.18.0.1023.25 linux-image-gcp 4.18.0.1015.15 linux-image-generic 4.18.0.25.26 linux-image-generic-lpae 4.18.0.25.26 linux-image-gke 4.18.0.1015.15 linux-image-kvm 4.18.0.1016.16 linux-image-lowlatency 4.18.0.25.26 linux-image-powerpc-e500mc 4.18.0.25.26 linux-image-powerpc-smp 4.18.0.25.26 linux-image-powerpc64-emb 4.18.0.25.26 linux-image-powerpc64-smp 4.18.0.25.26 linux-image-raspi2 4.18.0.1018.15 linux-image-snapdragon 4.18.0.25.26 linux-image-virtual 4.18.0.25.26 Ubuntu 18.04 LTS: linux-image-4.15.0-1017-oracle 4.15.0-1017.19 linux-image-4.15.0-1036-gcp 4.15.0-1036.38 linux-image-4.15.0-1036-gke 4.15.0-1036.38 linux-image-4.15.0-1038-kvm 4.15.0-1038.38 linux-image-4.15.0-1040-raspi2 4.15.0-1040.43 linux-image-4.15.0-1043-aws 4.15.0-1043.45 linux-image-4.15.0-1045-oem 4.15.0-1045.50 linux-image-4.15.0-1057-snapdragon 4.15.0-1057.62 linux-image-4.15.0-54-generic 4.15.0-54.58 linux-image-4.15.0-54-generic-lpae 4.15.0-54.58 linux-image-4.15.0-54-lowlatency 4.15.0-54.58 linux-image-4.18.0-1023-azure 4.18.0-1023.24~18.04.1 linux-image-4.18.0-25-generic 4.18.0-25.26~18.04.1 linux-image-4.18.0-25-generic-lpae 4.18.0-25.26~18.04.1 linux-image-4.18.0-25-lowlatency 4.18.0-25.26~18.04.1 linux-image-4.18.0-25-snapdragon 4.18.0-25.26~18.04.1 linux-image-aws 4.15.0.1043.42 linux-image-azure 4.18.0.1023.21 linux-image-gcp 4.15.0.1036.38 linux-image-generic 4.15.0.54.56 linux-image-generic-hwe-18.04 4.18.0.25.74 linux-image-generic-lpae 4.15.0.54.56 linux-image-generic-lpae-hwe-18.04 4.18.0.25.74 linux-image-gke 4.15.0.1036.39 linux-image-gke-4.15 4.15.0.1036.39 linux-image-kvm 4.15.0.1038.38 linux-image-lowlatency 4.15.0.54.56 linux-image-lowlatency-hwe-18.04 4.18.0.25.74 linux-image-oem 4.15.0.1045.49 linux-image-oracle 4.15.0.1017.20 linux-image-powerpc-e500mc 4.15.0.54.56 linux-image-powerpc-smp 4.15.0.54.56 linux-image-powerpc64-emb 4.15.0.54.56 linux-image-powerpc64-smp 4.15.0.54.56 linux-image-raspi2 4.15.0.1040.38 linux-image-snapdragon 4.15.0.1057.60 linux-image-snapdragon-hwe-18.04 4.18.0.25.74 linux-image-virtual 4.15.0.54.56 linux-image-virtual-hwe-18.04 4.18.0.25.74 Ubuntu 16.04 LTS: linux-image-4.15.0-1017-oracle 4.15.0-1017.19~16.04.2 linux-image-4.15.0-1036-gcp 4.15.0-1036.38~16.04.1 linux-image-4.15.0-1043-aws 4.15.0-1043.45~16.04.1 linux-image-4.15.0-1049-azure 4.15.0-1049.54 linux-image-4.15.0-54-generic 4.15.0-54.58~16.04.1 linux-image-4.15.0-54-generic-lpae 4.15.0-54.58~16.04.1 linux-image-4.15.0-54-lowlatency 4.15.0-54.58~16.04.1 linux-image-4.4.0-1051-kvm 4.4.0-1051.58 linux-image-4.4.0-1087-aws 4.4.0-1087.98 linux-image-4.4.0-1114-raspi2 4.4.0-1114.123 linux-image-4.4.0-1118-snapdragon 4.4.0-1118.124 linux-image-4.4.0-154-generic 4.4.0-154.181 linux-image-4.4.0-154-generic-lpae 4.4.0-154.181 linux-image-4.4.0-154-lowlatency 4.4.0-154.181 linux-image-4.4.0-154-powerpc-e500mc 4.4.0-154.181 linux-image-4.4.0-154-powerpc-smp 4.4.0-154.181 linux-image-4.4.0-154-powerpc64-emb 4.4.0-154.181 linux-image-4.4.0-154-powerpc64-smp 4.4.0-154.181 linux-image-aws 4.4.0.1087.90 linux-image-aws-hwe 4.15.0.1043.43 linux-image-azure 4.15.0.1049.52 linux-image-gcp 4.15.0.1036.50 linux-image-generic 4.4.0.154.162 linux-image-generic-hwe-16.04 4.15.0.54.75 linux-image-generic-lpae 4.4.0.154.162 linux-image-generic-lpae-hwe-16.04 4.15.0.54.75 linux-image-gke 4.15.0.1036.50 linux-image-kvm 4.4.0.1051.51 linux-image-lowlatency 4.4.0.154.162 linux-image-lowlatency-hwe-16.04 4.15.0.54.75 linux-image-oem 4.15.0.54.75 linux-image-oracle 4.15.0.1017.11 linux-image-powerpc-e500mc 4.4.0.154.162 linux-image-powerpc-smp 4.4.0.154.162 linux-image-powerpc64-emb 4.4.0.154.162 linux-image-powerpc64-smp 4.4.0.154.162 linux-image-raspi2 4.4.0.1114.114 linux-image-snapdragon 4.4.0.1118.110 linux-image-virtual 4.4.0.154.162 linux-image-virtual-hwe-16.04 4.15.0.54.75 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7) - x86_64 3. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. This module has therefore been disabled. CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto- loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0H04lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Tszw//R1zmUfrItTVMKsH3SlhMG/Nyd1efD/MaYwK/MXHv02BH56G3Th/W1uxh MEjyYTs7gE/UNyx6mr90G/BvymKNCqMEk5ooT7+xXcIgfBi+qvQW/YoBSOFi+Gai 58ofw0En+OQ4Fs1J95XRFjgegBitnsBumMxDcn2adKsbr7s8mKDaesENuXGe7sam Da8T6b0akCWK1i85JsQMG3OI661EdjosDHFHJyCVo8L1q3guYG11GPVlT/TI1ErN 68dVqLWq01Vn5TjKaUr6xeAHDMma+fKaHaitnxhmt06AcH/zQo4wDocQx8DOEWpE 6xBcCyABkKQ84iTKrFZKcnBDCwHaEcq6UytqIbkXIGpA0jRgaLzCNEOWt9GuENmt YoaxXwIi9RSMe8flyrWURGyWLrfJkh/Bk/P6WlpOCMSJmB9uXTnPxjMpfoMNqQjs BljbGqeN06dvFAq1fMzlqykbeHzDksHZ4pZizMNYqCNdQs3erm0rdyS55mN60o5/ SDIur1KokXi60zTwDPne1tyh00EP0liWyvh79u2/kaIazjbtTtoVYlyF5Wm/pu/r E46Mpv8pI7YIDNUVrtM/vLznqq+4BcVaqLBIVeMf+XAfqxJ5IrZ4ejaPvlP7hi4+ NwCQrSCaGk2nwBZr6Xs0qYVTsLLY9jkg8FUWPdH4ZEOFcGaWi3A=dgfy -----END PGP SIGNATURE----- . Bug Fix(es): * kernel-rt: update to the RHEL8.0.z batch#1 source tree (BZ#1704955) 4. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.4), redhat-virtualization-host (4.3.4). 7) - aarch64, noarch, ppc64le 3

Trust: 3.51

sources: NVD: CVE-2019-11479 // CERT/CC: VU#905115 // JVNDB: JVNDB-2019-005617 // VULHUB: VHN-143129 // PACKETSTORM: 153316 // PACKETSTORM: 153319 // PACKETSTORM: 153477 // PACKETSTORM: 153317 // PACKETSTORM: 153322 // PACKETSTORM: 153324 // PACKETSTORM: 153337 // PACKETSTORM: 153325 // PACKETSTORM: 153543 // PACKETSTORM: 153318 // PACKETSTORM: 153430 // PACKETSTORM: 153424

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	iworkflow	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.127	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.9	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.182	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.1.11	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.4.182	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	redhat	model:	virtualization host	scope:	eq	version:	4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	lte	version:	5.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.19	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	lte	version:	6.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.1	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	gte	version:	5.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.14	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.52	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	f5	model:	traffix signaling delivery controller	scope:	lte	version:	5.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	traffix signaling delivery controller	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	arch linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	arista	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	coreos	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	freebsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	-	version:	-	Trust: 0.8
vendor:	pulse secure	model:	connect secure	scope:	-	version:	-	Trust: 0.8
vendor:	pulse secure	model:	policy secure	scope:	-	version:	-	Trust: 0.8
vendor:	pulse secure	model:	virtual application delivery controller	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	none	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	aus	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	eus	Trust: 0.8
vendor:	red hat	model:	enterprise linux atomic host	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise mrg	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	virtualization	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#905115 // JVNDB: JVNDB-2019-005617 // NVD: CVE-2019-11479

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11479
value:	HIGH
Trust: 1.0
security@ubuntu.com:	CVE-2019-11479
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-11479
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201906-683
value:	HIGH
Trust: 0.6
VULHUB:	VHN-143129
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11479
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-143129
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11479
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security@ubuntu.com:	CVE-2019-11479
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0
NVD:	CVE-2019-11479
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-143129 // CNNVD: CNNVD-201906-683 // JVNDB: JVNDB-2019-005617 // NVD: CVE-2019-11479 // NVD: CVE-2019-11479

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.1
problemtype:	CWE-405	Trust: 1.0
problemtype:	CWE-400	Trust: 0.9

sources: VULHUB: VHN-143129 // JVNDB: JVNDB-2019-005617 // NVD: CVE-2019-11479

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 153477 // CNNVD: CNNVD-201906-683

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201906-683

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005617

PATCH

title:	Linux Kernel Archives	url:	https://www.kernel.org/	Trust: 0.8
title:	tcp: add tcp_min_snd_mss sysctl	url:	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363	Trust: 0.8
title:	tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()	url:	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6	Trust: 0.8
title:	TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479	url:	https://access.redhat.com/security/vulnerabilities/tcpsack	Trust: 0.8
title:	SA44193	url:	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193	Trust: 0.8
title:	K35421172	url:	https://support.f5.com/csp/article/K35421172	Trust: 0.8
title:	SACK Panic and Other TCP Denial of Service Issues	url:	https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic	Trust: 0.8
title:	Linux kernel Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93877	Trust: 0.6

sources: CNNVD: CNNVD-201906-683 // JVNDB: JVNDB-2019-005617

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11479	Trust: 4.5
db:	CERT/CC	id:	VU#905115	Trust: 3.3
db:	ICS CERT	id:	ICSA-19-253-03	Trust: 2.5
db:	PULSESECURE	id:	SA44193	Trust: 1.7
db:	ICS CERT	id:	ICSMA-20-170-06	Trust: 1.7
db:	SIEMENS	id:	SSA-462066	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/06/28/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/07/06/4	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/07/06/3	Trust: 1.7
db:	BID	id:	108818	Trust: 1.7
db:	MCAFEE	id:	SB10287	Trust: 1.7
db:	JVN	id:	JVNVU93800789	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005617	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-683	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2378	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3564	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4528	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4255	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2171	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0736	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2155	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2185.6	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2145	Trust: 0.6
db:	AUSCERT	id:	ASB-2019.0178.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4316	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2185.5	Trust: 0.6
db:	PACKETSTORM	id:	153329	Trust: 0.6
db:	LENOVO	id:	LEN-60182	Trust: 0.6
db:	LENOVO	id:	LEN-29592	Trust: 0.6
db:	PACKETSTORM	id:	153477	Trust: 0.2
db:	PACKETSTORM	id:	153478	Trust: 0.1
db:	VULHUB	id:	VHN-143129	Trust: 0.1
db:	PACKETSTORM	id:	153316	Trust: 0.1
db:	PACKETSTORM	id:	153319	Trust: 0.1
db:	PACKETSTORM	id:	153317	Trust: 0.1
db:	PACKETSTORM	id:	153322	Trust: 0.1
db:	PACKETSTORM	id:	153324	Trust: 0.1
db:	PACKETSTORM	id:	153337	Trust: 0.1
db:	PACKETSTORM	id:	153325	Trust: 0.1
db:	PACKETSTORM	id:	153543	Trust: 0.1
db:	PACKETSTORM	id:	153318	Trust: 0.1
db:	PACKETSTORM	id:	153430	Trust: 0.1
db:	PACKETSTORM	id:	153424	Trust: 0.1

sources: CERT/CC: VU#905115 // VULHUB: VHN-143129 // PACKETSTORM: 153316 // PACKETSTORM: 153319 // PACKETSTORM: 153477 // PACKETSTORM: 153317 // PACKETSTORM: 153322 // PACKETSTORM: 153324 // PACKETSTORM: 153337 // PACKETSTORM: 153325 // PACKETSTORM: 153543 // PACKETSTORM: 153318 // PACKETSTORM: 153430 // PACKETSTORM: 153424 // CNNVD: CNNVD-201906-683 // JVNDB: JVNDB-2019-005617 // NVD: CVE-2019-11479

REFERENCES

url:	https://access.redhat.com/security/vulnerabilities/tcpsack	Trust: 4.2
url:	https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md	Trust: 3.3
url:	https://www.us-cert.gov/ics/advisories/icsa-19-253-03	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11479	Trust: 2.6
url:	https://www.synology.com/security/advisory/synology_sa_19_28	Trust: 2.5
url:	http://www.securityfocus.com/bid/108818	Trust: 2.3
url:	https://www.us-cert.gov/ics/advisories/icsma-20-170-06	Trust: 2.3
url:	https://usn.ubuntu.com/4041-1/	Trust: 2.3
url:	https://usn.ubuntu.com/4041-2/	Trust: 2.3
url:	https://wiki.ubuntu.com/securityteam/knowledgebase/sackpanic	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1594	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1602	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1699	Trust: 1.8
url:	https://www.kb.cert.org/vuls/id/905115	Trust: 1.7
url:	http://www.arubanetworks.com/assets/alert/aruba-psa-2020-010.txt	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf	Trust: 1.7
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44193	Trust: 1.7
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0008	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190625-0001/	Trust: 1.7
url:	https://support.f5.com/csp/article/k35421172	Trust: 1.7
url:	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363	Trust: 1.7
url:	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/06/28/2	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/07/06/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/07/06/4	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11479	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2019-11479	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10287	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11477	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11478	Trust: 1.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 1.0
url:	https://access.redhat.com/security/cve/cve-2019-11477	Trust: 1.0
url:	https://bugzilla.redhat.com/):	Trust: 1.0
url:	https://access.redhat.com/security/team/key/	Trust: 1.0
url:	https://access.redhat.com/security/cve/cve-2019-11478	Trust: 1.0
url:	https://access.redhat.com/security/team/contact/	Trust: 1.0
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 1.0
url:	https://support.f5.com/csp/article/k35421172?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11477	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11478	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5599	Trust: 0.8
url:	https://security.archlinux.org/cve-2019-11477https://security.archlinux.org/cve-2019-11478https://security.archlinux.org/cve-2019-11479	Trust: 0.8
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/8066-security-advisory-41	Trust: 0.8
url:	https://coreos.com/releases/	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/cve-2019-11477https://security-tracker.debian.org/tracker/cve-2019-11478https://security-tracker.debian.org/tracker/cve-2019-11479	Trust: 0.8
url:	https://www.suse.com/c/suse-addresses-the-sack-panic-tcp-remote-denial-of-service-attacks/https://www.suse.com/support/kb/doc/?id=7023928	Trust: 0.8
url:	https://usn.ubuntu.com/4017-1/https://usn.ubuntu.com/4017-2/	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93800789/	Trust: 0.8
url:	https://www.kb.cert.org/vuls/id/905115/	Trust: 0.8
url:	https://access.redhat.com/errata/rhsa-2019:1488	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:1483	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:1481	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:1490	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:1486	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:1480	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:1482	Trust: 0.7
url:	https://support.f5.com/csp/article/k35421172?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:1489	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:1487	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:1485	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:1484	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:1479	Trust: 0.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1719129	Trust: 0.6
url:	http://www.kernel.org/	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191530-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191529-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191532-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191536-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191550-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191535-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191534-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191533-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191527-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914089-1.html	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-19-180	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4528/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-60182	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4316/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0736/	Trust: 0.6
url:	https://packetstormsecurity.com/files/153329/linux-freebsd-tcp-based-denial-of-service.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137796	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2155/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2185.6/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/3517185	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-19-253-03	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-denial-of-service-via-tcp-sack-low-mss-resource-29546	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-29592	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4255/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2378/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2145/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2171/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/asb-2019.0178.3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerability-cve-2019-11479-cve-2019-11478-cve-2019-11477/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-denial-of-service-cve-2019-11479-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2185.5/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164286	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-vulnerabilities-in-tcp-cve-2019-11477-cve-2019-11478-cve-2019-11479/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3564/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-the-kernel/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-3896	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3896	Trust: 0.2
url:	https://access.redhat.com/articles/2974891	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10287	Trust: 0.1
url:	https://support.f5.com/csp/article/k35421172?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000004	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-7566	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000004	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1043.45~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.18.0-1020.24	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-54.58	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1087.98	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1010.11	Trust: 0.1
url:	https://usn.ubuntu.com/4041-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1038.38	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-154.181	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1114.123	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-54.58~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1023.24	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1017.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-25.26~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.0.0-20.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1049.54	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1012.12	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1023.24~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.18.0-1018.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1045.50	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1051.58	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1036.38	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1016.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1043.45	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1010.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1040.43	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.18.0-25.26	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1036.38	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.18.0-1016.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1057.62	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.18.0-1015.16	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1036.38~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1010.11	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1017.19~16.04.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1010.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1118.124	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11833	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5489	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11486	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10126	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/linux	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11815	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3846	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9213	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9213	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10167	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10166	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10166	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10168	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10161	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10168	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10161	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10167	Trust: 0.1

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 153316 // PACKETSTORM: 153319 // PACKETSTORM: 153317 // PACKETSTORM: 153322 // PACKETSTORM: 153324 // PACKETSTORM: 153325 // PACKETSTORM: 153543 // PACKETSTORM: 153318 // PACKETSTORM: 153430 // PACKETSTORM: 153424

SOURCES

db:	CERT/CC	id:	VU#905115
db:	VULHUB	id:	VHN-143129
db:	PACKETSTORM	id:	153316
db:	PACKETSTORM	id:	153319
db:	PACKETSTORM	id:	153477
db:	PACKETSTORM	id:	153317
db:	PACKETSTORM	id:	153322
db:	PACKETSTORM	id:	153324
db:	PACKETSTORM	id:	153337
db:	PACKETSTORM	id:	153325
db:	PACKETSTORM	id:	153543
db:	PACKETSTORM	id:	153318
db:	PACKETSTORM	id:	153430
db:	PACKETSTORM	id:	153424
db:	CNNVD	id:	CNNVD-201906-683
db:	JVNDB	id:	JVNDB-2019-005617
db:	NVD	id:	CVE-2019-11479

LAST UPDATE DATE

2026-02-07T21:07:04.621000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#905115	date:	2019-07-08T00:00:00
db:	VULHUB	id:	VHN-143129	date:	2020-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-683	date:	2021-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-005617	date:	2019-09-11T00:00:00
db:	NVD	id:	CVE-2019-11479	date:	2024-11-21T04:21:09.880

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#905115	date:	2019-06-20T00:00:00
db:	VULHUB	id:	VHN-143129	date:	2019-06-19T00:00:00
db:	PACKETSTORM	id:	153316	date:	2019-06-17T19:16:05
db:	PACKETSTORM	id:	153319	date:	2019-06-17T19:16:28
db:	PACKETSTORM	id:	153477	date:	2019-06-28T18:32:22
db:	PACKETSTORM	id:	153317	date:	2019-06-17T19:16:14
db:	PACKETSTORM	id:	153322	date:	2019-06-18T15:43:26
db:	PACKETSTORM	id:	153324	date:	2019-06-18T15:43:49
db:	PACKETSTORM	id:	153337	date:	2019-06-19T17:12:34
db:	PACKETSTORM	id:	153325	date:	2019-06-18T15:43:55
db:	PACKETSTORM	id:	153543	date:	2019-07-08T14:38:09
db:	PACKETSTORM	id:	153318	date:	2019-06-17T19:16:21
db:	PACKETSTORM	id:	153430	date:	2019-06-25T23:50:27
db:	PACKETSTORM	id:	153424	date:	2019-06-25T23:49:17
db:	CNNVD	id:	CNNVD-201906-683	date:	2019-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-005617	date:	2019-06-25T00:00:00
db:	NVD	id:	CVE-2019-11479	date:	2019-06-19T00:15:12.767