{
  "schema_version": "1.7.0",
  "id": "MGASA-2019-0195",
  "published": "2019-06-21T01:07:01Z",
  "modified": "2022-02-17T18:21:47Z",
  "summary": "Updated kernel packages fix security vulnerability",
  "details": "This kernel update is based on the upstream 4.14.127 and fixes at least\nthe following security issues:\n\nJonathan Looney discovered that it is possible to send a crafted sequence\nof SACKs which will fragment the RACK send map. An attacker may be able to\nfurther exploit the fragmented send map to cause an expensive linked-list\nwalk for subsequent SACKs received for that same TCP connection\n(CVE-2019-5599).\n\nJonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value\nwas subject to an integer overflow in the Linux kernel when handling TCP\nSelective Acknowledgments (SACKs). A remote attacker could use this to\ncause a denial of service (CVE-2019-11477).\n\nJonathan Looney discovered that the TCP retransmission queue implementation\nin tcp_fragment in the Linux kernel could be fragmented when handling\ncertain TCP Selective Acknowledgment (SACK) sequences. A remote attacker\ncould use this to cause a denial of service (CVE-2019-11478).\n\nJonathan Looney discovered that the Linux kernel default MSS is hard-coded\nto 48 bytes. This allows a remote peer to fragment TCP resend queues\nsignificantly more than if a larger MSS were enforced. A remote attacker\ncould use this to cause a denial of service (CVE-2019-11479).\n\nWireGuard has been updated to 0.0.20190601.\n\nFor other upstream fixes in this update, see the referenced changelogs.\n",
  "upstream": [
    "CVE-2019-5599",
    "CVE-2019-11477",
    "CVE-2019-11478",
    "CVE-2019-11479"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2019-0195.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=24972"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.122"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.123"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.124"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.125"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.126"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "kernel",
        "purl": "pkg:rpm/mageia/kernel?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.14.127-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "kernel-userspace-headers",
        "purl": "pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.14.127-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "kmod-vboxadditions",
        "purl": "pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.8-4.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "kmod-virtualbox",
        "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.8-4.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "kmod-xtables-addons",
        "purl": "pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.13-88.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "wireguard-tools",
        "purl": "pkg:rpm/mageia/wireguard-tools?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.20190601-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
