RHSA-2019:1490: Important: kernel security and bug fix update
First published: Mon Jun 17 2019(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux operating system.<br>Security Fix(es):<br><li> An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)</li> <li> kernel: Double free in lib/idr.c (CVE-2019-3896)</li> <li> Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)</li> <li> Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> MDS mitigations not enabled on Intel Skylake CPUs (BZ#1713025)</li> <li> [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1713028)</li> <li> RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1713043)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-abi-whitelists | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-debug | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-debug-debuginfo | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-debug-devel | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-debuginfo | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-devel | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-doc | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-firmware | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/kernel-headers | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/perf | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/perf-debuginfo | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/python-perf | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
| redhat/python-perf-debuginfo | <2.6.32-431.95.3.el6 | 2.6.32-431.95.3.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1694812
- https://bugzilla.redhat.com/show_bug.cgi?id=1719123
- https://bugzilla.redhat.com/show_bug.cgi?id=1719128
- https://bugzilla.redhat.com/show_bug.cgi?id=1719129
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://access.redhat.com/errata/RHSA-2019:1490 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2019:1490?
The severity of RHSA-2019:1490 is classified as critical due to the potential for remote code execution.
How do I fix RHSA-2019:1490?
To fix RHSA-2019:1490, update the kernel package to version 2.6.32-431.95.3.el6 or later.
What systems are affected by RHSA-2019:1490?
RHSA-2019:1490 affects Red Hat Enterprise Linux 6 systems running the vulnerable kernel versions.
What specific vulnerability does RHSA-2019:1490 address?
RHSA-2019:1490 addresses an integer overflow flaw in the Linux kernel's networking subsystem related to TCP Selective Acknowledgment.
Is it necessary to restart my system after applying the patch for RHSA-2019:1490?
Yes, it is necessary to reboot your system after applying the patch for RHSA-2019:1490 to ensure the new kernel is loaded.
- agent/severity
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2019:1490
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat