CVE-2019-11478: SACK can cause extensive memory use via fragmented resend queue
First published: Tue Jun 11 2019(Updated: )
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection.
Credit: security@ubuntu.com security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.15.3.el6 | 0:2.6.32-754.15.3.el6 |
| redhat/kernel | <0:2.6.32-431.95.3.el6 | 0:2.6.32-431.95.3.el6 |
| redhat/kernel | <0:2.6.32-504.79.3.el6 | 0:2.6.32-504.79.3.el6 |
| redhat/kernel-rt | <0:3.10.0-957.21.3.rt56.935.el7 | 0:3.10.0-957.21.3.rt56.935.el7 |
| redhat/kernel | <0:3.10.0-957.21.3.el7 | 0:3.10.0-957.21.3.el7 |
| redhat/kernel-alt | <0:4.14.0-115.8.2.el7a | 0:4.14.0-115.8.2.el7a |
| redhat/kernel | <0:3.10.0-327.79.2.el7 | 0:3.10.0-327.79.2.el7 |
| redhat/kernel | <0:3.10.0-514.66.2.el7 | 0:3.10.0-514.66.2.el7 |
| redhat/kernel | <0:3.10.0-693.50.3.el7 | 0:3.10.0-693.50.3.el7 |
| redhat/kernel | <0:3.10.0-862.34.2.el7 | 0:3.10.0-862.34.2.el7 |
| redhat/kernel-rt | <0:4.18.0-80.4.2.rt9.152.el8_0 | 0:4.18.0-80.4.2.rt9.152.el8_0 |
| redhat/kernel | <0:4.18.0-80.4.2.el8_0 | 0:4.18.0-80.4.2.el8_0 |
| redhat/kernel-rt | <1:3.10.0-693.50.3.rt56.644.el6 | 1:3.10.0-693.50.3.rt56.644.el6 |
| redhat/redhat-release-virtualization-host | <0:4.2-11.1.el7 | 0:4.2-11.1.el7 |
| redhat/redhat-virtualization-host | <0:4.2-20190618.0.el7_6 | 0:4.2-20190618.0.el7_6 |
| redhat/redhat-release-virtualization-host | <0:4.3.4-1.el7e | 0:4.3.4-1.el7e |
| redhat/redhat-virtualization-host | <0:4.3.4-20190620.3.el7_6 | 0:4.3.4-20190620.3.el7_6 |
| debian/linux | 4.19.249-2 4.19.289-2 5.10.197-1 5.10.191-1 6.1.66-1 6.1.52-1 6.5.13-1 6.6.8-1 | |
| Linux Linux kernel | <4.4.182 | |
| Linux Linux kernel | >=4.5<4.9.182 | |
| Linux Linux kernel | >=4.10<4.14.127 | |
| Linux Linux kernel | >=4.15<4.19.52 | |
| Linux Linux kernel | >=4.20<5.1.11 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.4 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=13.1.1 | |
| F5 BIG-IP Advanced Firewall Manager | >=14.0.0<=14.1.0 | |
| F5 BIG-IP Advanced Firewall Manager | =15.0.0 | |
| F5 BIG-IP Access Policy Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Access Policy Manager | >=12.1.0<=12.1.4 | |
| F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.1 | |
| F5 BIG-IP Access Policy Manager | >=14.0.0<=14.1.0 | |
| F5 BIG-IP Access Policy Manager | =15.0.0 | |
| F5 Big-ip Application Acceleration Manager | >=11.5.2<=11.6.4 | |
| F5 Big-ip Application Acceleration Manager | >=12.1.0<=12.1.4 | |
| F5 Big-ip Application Acceleration Manager | >=13.1.0<=13.1.1 | |
| F5 Big-ip Application Acceleration Manager | >=14.0.0<=14.1.0 | |
| F5 Big-ip Application Acceleration Manager | =15.0.0 | |
| F5 Big-ip Link Controller | >=11.5.2<=11.6.4 | |
| F5 Big-ip Link Controller | >=12.1.0<=12.1.4 | |
| F5 Big-ip Link Controller | >=13.1.0<=13.1.1 | |
| F5 Big-ip Link Controller | >=14.0.0<=14.1.0 | |
| F5 Big-ip Link Controller | =15.0.0 | |
| F5 Big-ip Policy Enforcement Manager | >=11.5.2<=11.6.4 | |
| F5 Big-ip Policy Enforcement Manager | >=12.1.0<=12.1.4 | |
| F5 Big-ip Policy Enforcement Manager | >=13.1.0<=13.1.1 | |
| F5 Big-ip Policy Enforcement Manager | >=14.0.0<=14.1.0 | |
| F5 Big-ip Policy Enforcement Manager | =15.0.0 | |
| F5 Big-ip Webaccelerator | >=11.5.2<=11.6.4 | |
| F5 Big-ip Webaccelerator | >=12.1.0<=12.1.4 | |
| F5 Big-ip Webaccelerator | >=13.1.0<=13.1.1 | |
| F5 Big-ip Webaccelerator | >=14.0.0<=14.1.0 | |
| F5 Big-ip Webaccelerator | =15.0.0 | |
| F5 BIG-IP Application Security Manager | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Application Security Manager | >=12.1.0<=12.1.4 | |
| F5 BIG-IP Application Security Manager | >=13.1.0<=13.1.1 | |
| F5 BIG-IP Application Security Manager | >=14.0.0<=14.1.0 | |
| F5 BIG-IP Application Security Manager | =15.0.0 | |
| F5 Big-ip Local Traffic Manager | >=11.5.2<=11.6.4 | |
| F5 Big-ip Local Traffic Manager | >=12.1.0<=12.1.4 | |
| F5 Big-ip Local Traffic Manager | >=13.1.0<=13.1.1 | |
| F5 Big-ip Local Traffic Manager | >=14.0.0<=14.1.0 | |
| F5 Big-ip Local Traffic Manager | =15.0.0 | |
| F5 Big-ip Fraud Protection Service | >=11.5.2<=11.6.4 | |
| F5 Big-ip Fraud Protection Service | >=12.1.0<=12.1.4 | |
| F5 Big-ip Fraud Protection Service | >=13.1.0<=13.1.1 | |
| F5 Big-ip Fraud Protection Service | >=14.0.0<=14.1.0 | |
| F5 Big-ip Fraud Protection Service | =15.0.0 | |
| F5 Big-ip Global Traffic Manager | >=11.5.2<=11.6.4 | |
| F5 Big-ip Global Traffic Manager | >=12.1.0<=12.1.4 | |
| F5 Big-ip Global Traffic Manager | >=13.1.0<=13.1.1 | |
| F5 Big-ip Global Traffic Manager | >=14.0.0<=14.1.0 | |
| F5 Big-ip Global Traffic Manager | =15.0.0 | |
| F5 BIG-IP Analytics | >=11.5.2<=11.6.4 | |
| F5 BIG-IP Analytics | >=12.1.0<=12.1.4 | |
| F5 BIG-IP Analytics | >=13.1.0<=13.1.1 | |
| F5 BIG-IP Analytics | >=14.0.0<=14.1.0 | |
| F5 BIG-IP Analytics | =15.0.0 | |
| F5 Big-ip Edge Gateway | >=11.5.2<=11.6.4 | |
| F5 Big-ip Edge Gateway | >=12.1.0<=12.1.4 | |
| F5 Big-ip Edge Gateway | >=13.1.0<=13.1.1 | |
| F5 Big-ip Edge Gateway | >=14.0.0<=14.1.0 | |
| F5 Big-ip Edge Gateway | =15.0.0 | |
| F5 Big-ip Domain Name System | >=11.5.2<=11.6.4 | |
| F5 Big-ip Domain Name System | >=12.1.0<=12.1.4 | |
| F5 Big-ip Domain Name System | >=13.1.0<=13.1.1 | |
| F5 Big-ip Domain Name System | >=14.0.0<=14.1.0 | |
| F5 Big-ip Domain Name System | =15.0.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| Canonical Ubuntu Linux | =19.04 | |
| Redhat Enterprise Linux Atomic Host | ||
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Aus | =6.5 | |
| Redhat Enterprise Linux Aus | =6.6 | |
| Redhat Enterprise Linux Eus | =7.4 | |
| Redhat Enterprise Linux Eus | =7.5 | |
| Redhat Enterprise Mrg | =2.0 | |
| Ivanti Connect Secure | ||
| Pulsesecure Pulse Policy Secure | ||
| Pulsesecure Pulse Secure Virtual Application Delivery Controller | ||
| F5 Traffix Signaling Delivery Controller | >=5.0.0<=5.1.0 | |
| Pulsesecure Pulse Connect Secure | ||
| Siemens CloudConnect 712 | <1.1.5 | 1.1.5 |
| Siemens ROX II | <2.13.3 | 2.13.3 |
| Siemens RUGGEDCOM APE 1404 Linux: All versions prior to Debian 9 Linux Image 2019-12-13 | ||
| Siemens RUGGEDCOM RM1224 (6GK6108-4AM00) | <6.2 | 6.2 |
| Siemens RUGGEDCOM RX 1400 VPE Debian Linux: All versions prior to Debian 9 Linux Image 2019-12-13 | ||
| Siemens RUGGEDCOM RX 1400 VPE Linux CloudConnect: All versions prior to Debian 9 Linux Image 2019-12-13 13 (only affected by CVE-2019-11479) | ||
| Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) | <6.2 | 6.2 |
| Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE M875 | ||
| Siemens SCALANCE M876-3 (6GK5876-3AA02-2BA2) | <6.2 | 6.2 |
| Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) | <6.2 | 6.2 |
| Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) | <6.2 | 6.2 |
| Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) | <6.2 | 6.2 |
| Siemens SCALANCE S602 | <4.1 | 4.1 |
| Siemens SCALANCE S612 | <4.1 | 4.1 |
| Siemens SCALANCE S615 (6GK5615-0AA00-2AA2) | <6.2 | 6.2 |
| Siemens SCALANCE S623 | <4.1 | 4.1 |
| Siemens SCALANCE S627-2M | <4.1 | 4.1 |
| Siemens SCALANCE SC622-2C (6GK5622-2GS00-2AC2) | <2.0.1 | 2.0.1 |
| Siemens SCALANCE SC632-2C (6GK5632-2GS00-2AC2) | <2.0.1 | 2.0.1 |
| Siemens SCALANCE SC636-2C (6GK5636-2GS00-2AC2) | <2.0.1 | 2.0.1 |
| Siemens SCALANCE SC642-2C (6GK5642-2GS00-2AC2) | <2.0.1 | 2.0.1 |
| Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2) | <2.0.1 | 2.0.1 |
| Siemens SCALANCE W1750D | <8.6.0 | 8.6.0 |
| Siemens SCALANCE W-700 IEEE 802.11n family | <6.4 | 6.4 |
| Siemens SCALANCE W-1700 IEEE 802.11ac family | <2.0 | 2.0 |
| Siemens SCALANCE WLC711 | ||
| Siemens SCALANCE WLC712 | ||
| Siemens SIMATIC CM 1542-1 | <3.0 | 3.0 |
| Siemens SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) |
Remedy
For mitigation, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/tcpsack
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-11478 https://nvd.nist.gov/vuln/detail/CVE-2019-11478 https://patchwork.ozlabs.org/project/netdev/list/?series=114310 https://www.openwall.com/lists/oss-security/2019/06/17/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1719128
- https://access.redhat.com/errata/RHSA-2019:1488
- https://access.redhat.com/errata/RHSA-2019:1490
- https://access.redhat.com/errata/RHSA-2019:1489
- https://access.redhat.com/errata/RHSA-2019:1486
- https://access.redhat.com/errata/RHSA-2019:1481
- https://access.redhat.com/errata/RHSA-2019:1602
- https://access.redhat.com/errata/RHSA-2019:1485
- https://access.redhat.com/errata/RHSA-2019:1484
- https://access.redhat.com/errata/RHSA-2019:1483
- https://access.redhat.com/errata/RHSA-2019:1482
- https://access.redhat.com/errata/RHSA-2019:1480
- https://access.redhat.com/errata/RHSA-2019:1479
- https://access.redhat.com/errata/RHSA-2019:1487
- https://access.redhat.com/errata/RHSA-2019:1594
- https://access.redhat.com/errata/RHSA-2019:1699
- https://access.redhat.com/security/cve/cve-2019-11478
- https://security-tracker.debian.org/tracker/CVE-2019-11478
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
- https://www.ietf.org/rfc/rfc2018.txt
- http://vger.kernel.org/~davem/skb_data.html
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1721256
- https://www.openwall.com/lists/oss-security/2019/06/17/5
- https://patchwork.ozlabs.org/project/netdev/list/?series=114310
- https://access.redhat.com/errata/RHBA-2019:1589
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
- https://seclists.org/bugtraq/2019/Jul/30
- https://security.netapp.com/advisory/ntap-20190625-0001/
- https://support.f5.com/csp/article/K26618426
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://www.kb.cert.org/vuls/id/905115
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://www.cisa.gov/news-events/ics-advisories/icsa-19-253-03 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/security-tracker-debian
- agent/author
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-11478
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/ics-cert-advisory
- source/ICS
- agent/references
- agent/softwarecombine
- agent/title
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- vendor/f5
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.5.2
- version/f5 big-ip advanced firewall manager/11.6.4
- version/f5 big-ip advanced firewall manager/12.1.0
- version/f5 big-ip advanced firewall manager/12.1.4
- version/f5 big-ip advanced firewall manager/13.1.0
- version/f5 big-ip advanced firewall manager/13.1.1
- version/f5 big-ip advanced firewall manager/14.0.0
- version/f5 big-ip advanced firewall manager/14.1.0
- version/f5 big-ip advanced firewall manager/15.0.0
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/11.5.2
- version/f5 big-ip access policy manager/11.6.4
- version/f5 big-ip access policy manager/12.1.0
- version/f5 big-ip access policy manager/12.1.4
- version/f5 big-ip access policy manager/13.1.0
- version/f5 big-ip access policy manager/13.1.1
- version/f5 big-ip access policy manager/14.0.0
- version/f5 big-ip access policy manager/14.1.0
- version/f5 big-ip access policy manager/15.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.5.2
- version/f5 big-ip application acceleration manager/11.6.4
- version/f5 big-ip application acceleration manager/12.1.0
- version/f5 big-ip application acceleration manager/12.1.4
- version/f5 big-ip application acceleration manager/13.1.0
- version/f5 big-ip application acceleration manager/13.1.1
- version/f5 big-ip application acceleration manager/14.0.0
- version/f5 big-ip application acceleration manager/14.1.0
- version/f5 big-ip application acceleration manager/15.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/11.5.2
- version/f5 big-ip link controller/11.6.4
- version/f5 big-ip link controller/12.1.0
- version/f5 big-ip link controller/12.1.4
- version/f5 big-ip link controller/13.1.0
- version/f5 big-ip link controller/13.1.1
- version/f5 big-ip link controller/14.0.0
- version/f5 big-ip link controller/14.1.0
- version/f5 big-ip link controller/15.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.5.2
- version/f5 big-ip policy enforcement manager/11.6.4
- version/f5 big-ip policy enforcement manager/12.1.0
- version/f5 big-ip policy enforcement manager/12.1.4
- version/f5 big-ip policy enforcement manager/13.1.0
- version/f5 big-ip policy enforcement manager/13.1.1
- version/f5 big-ip policy enforcement manager/14.0.0
- version/f5 big-ip policy enforcement manager/14.1.0
- version/f5 big-ip policy enforcement manager/15.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/11.5.2
- version/f5 big-ip webaccelerator/11.6.4
- version/f5 big-ip webaccelerator/12.1.0
- version/f5 big-ip webaccelerator/12.1.4
- version/f5 big-ip webaccelerator/13.1.0
- version/f5 big-ip webaccelerator/13.1.1
- version/f5 big-ip webaccelerator/14.0.0
- version/f5 big-ip webaccelerator/14.1.0
- version/f5 big-ip webaccelerator/15.0.0
- canonical/f5 big-ip application security manager
- version/f5 big-ip application security manager/11.5.2
- version/f5 big-ip application security manager/11.6.4
- version/f5 big-ip application security manager/12.1.0
- version/f5 big-ip application security manager/12.1.4
- version/f5 big-ip application security manager/13.1.0
- version/f5 big-ip application security manager/13.1.1
- version/f5 big-ip application security manager/14.0.0
- version/f5 big-ip application security manager/14.1.0
- version/f5 big-ip application security manager/15.0.0
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/11.5.2
- version/f5 big-ip local traffic manager/11.6.4
- version/f5 big-ip local traffic manager/12.1.0
- version/f5 big-ip local traffic manager/12.1.4
- version/f5 big-ip local traffic manager/13.1.0
- version/f5 big-ip local traffic manager/13.1.1
- version/f5 big-ip local traffic manager/14.0.0
- version/f5 big-ip local traffic manager/14.1.0
- version/f5 big-ip local traffic manager/15.0.0
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/11.5.2
- version/f5 big-ip fraud protection service/11.6.4
- version/f5 big-ip fraud protection service/12.1.0
- version/f5 big-ip fraud protection service/12.1.4
- version/f5 big-ip fraud protection service/13.1.0
- version/f5 big-ip fraud protection service/13.1.1
- version/f5 big-ip fraud protection service/14.0.0
- version/f5 big-ip fraud protection service/14.1.0
- version/f5 big-ip fraud protection service/15.0.0
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/11.5.2
- version/f5 big-ip global traffic manager/11.6.4
- version/f5 big-ip global traffic manager/12.1.0
- version/f5 big-ip global traffic manager/12.1.4
- version/f5 big-ip global traffic manager/13.1.0
- version/f5 big-ip global traffic manager/13.1.1
- version/f5 big-ip global traffic manager/14.0.0
- version/f5 big-ip global traffic manager/14.1.0
- version/f5 big-ip global traffic manager/15.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.5.2
- version/f5 big-ip analytics/11.6.4
- version/f5 big-ip analytics/12.1.0
- version/f5 big-ip analytics/12.1.4
- version/f5 big-ip analytics/13.1.0
- version/f5 big-ip analytics/13.1.1
- version/f5 big-ip analytics/14.0.0
- version/f5 big-ip analytics/14.1.0
- version/f5 big-ip analytics/15.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/11.5.2
- version/f5 big-ip edge gateway/11.6.4
- version/f5 big-ip edge gateway/12.1.0
- version/f5 big-ip edge gateway/12.1.4
- version/f5 big-ip edge gateway/13.1.0
- version/f5 big-ip edge gateway/13.1.1
- version/f5 big-ip edge gateway/14.0.0
- version/f5 big-ip edge gateway/14.1.0
- version/f5 big-ip edge gateway/15.0.0
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/11.5.2
- version/f5 big-ip domain name system/11.6.4
- version/f5 big-ip domain name system/12.1.0
- version/f5 big-ip domain name system/12.1.4
- version/f5 big-ip domain name system/13.1.0
- version/f5 big-ip domain name system/13.1.1
- version/f5 big-ip domain name system/14.0.0
- version/f5 big-ip domain name system/14.1.0
- version/f5 big-ip domain name system/15.0.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- version/canonical ubuntu linux/19.04
- vendor/redhat
- canonical/redhat enterprise linux atomic host
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux aus
- version/redhat enterprise linux aus/6.5
- version/redhat enterprise linux aus/6.6
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/7.4
- version/redhat enterprise linux eus/7.5
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0
- vendor/ivanti
- canonical/ivanti connect secure
- vendor/pulsesecure
- canonical/pulsesecure pulse policy secure
- canonical/pulsesecure pulse secure virtual application delivery controller
- canonical/f5 traffix signaling delivery controller
- version/f5 traffix signaling delivery controller/5.0.0
- version/f5 traffix signaling delivery controller/5.1.0
- canonical/pulsesecure pulse connect secure
- vendor/siemens
- canonical/siemens cloudconnect 712
- canonical/siemens rox ii
- canonical/siemens ruggedcom ape 1404 linux: all versions prior to debian 9 linux image 2019-12-13
- canonical/siemens ruggedcom rm1224 (6gk6108-4am00)
- canonical/siemens ruggedcom rx 1400 vpe debian linux: all versions prior to debian 9 linux image 2019-12-13
- canonical/siemens ruggedcom rx 1400 vpe linux cloudconnect: all versions prior to debian 9 linux image 2019-12-13 13 (only affected by cve-2019-11479)
- canonical/siemens scalance m804pb (6gk5804-0ap00-2aa2)
- canonical/siemens scalance m812-1 adsl-router (annex a) (6gk5812-1aa00-2aa2)
- canonical/siemens scalance m812-1 adsl-router (annex b) (6gk5812-1ba00-2aa2)
- canonical/siemens scalance m816-1 adsl-router (annex a) (6gk5816-1aa00-2aa2)
- canonical/siemens scalance m816-1 adsl-router (annex b) (6gk5816-1ba00-2aa2)
- canonical/siemens scalance m826-2 shdsl-router (6gk5826-2ab00-2ab2)
- canonical/siemens scalance m874-2 (6gk5874-2aa00-2aa2)
- canonical/siemens scalance m874-3 (6gk5874-3aa00-2aa2)
- canonical/siemens scalance m875
- canonical/siemens scalance m876-3 (6gk5876-3aa02-2ba2)
- canonical/siemens scalance m876-3 (rok) (6gk5876-3aa02-2ea2)
- canonical/siemens scalance m876-4 (eu) (6gk5876-4aa00-2ba2)
- canonical/siemens scalance m876-4 (nam) (6gk5876-4aa00-2da2)
- canonical/siemens scalance s602
- canonical/siemens scalance s612
- canonical/siemens scalance s615 (6gk5615-0aa00-2aa2)
- canonical/siemens scalance s623
- canonical/siemens scalance s627-2m
- canonical/siemens scalance sc622-2c (6gk5622-2gs00-2ac2)
- canonical/siemens scalance sc632-2c (6gk5632-2gs00-2ac2)
- canonical/siemens scalance sc636-2c (6gk5636-2gs00-2ac2)
- canonical/siemens scalance sc642-2c (6gk5642-2gs00-2ac2)
- canonical/siemens scalance sc646-2c (6gk5646-2gs00-2ac2)
- canonical/siemens scalance w1750d
- canonical/siemens scalance w-700 ieee 802.11n family
- canonical/siemens scalance w-1700 ieee 802.11ac family
- canonical/siemens scalance wlc711
- canonical/siemens scalance wlc712
- canonical/siemens simatic cm 1542-1
- canonical/siemens simatic cp 343-1 advanced (incl. siplus variants)