{"id":"MGASA-2019-0197","summary":"Updated kernel-linus packages fix security vulnerability","details":"This kernel-linus update is based on the upstream 4.14.127 and fixes at least\nthe following security issues:\n\nJonathan Looney discovered that it is possible to send a crafted sequence\nof SACKs which will fragment the RACK send map. An attacker may be able to\nfurther exploit the fragmented send map to cause an expensive linked-list\nwalk for subsequent SACKs received for that same TCP connection\n(CVE-2019-5599).\n\nA flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects (CVE-2019-10142).\n\nJonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value\nwas subject to an integer overflow in the Linux kernel when handling TCP\nSelective Acknowledgments (SACKs). A remote attacker could use this to\ncause a denial of service (CVE-2019-11477).\n\nJonathan Looney discovered that the TCP retransmission queue implementation\nin tcp_fragment in the Linux kernel could be fragmented when handling\ncertain TCP Selective Acknowledgment (SACK) sequences. A remote attacker\ncould use this to cause a denial of service (CVE-2019-11478).\n\nJonathan Looney discovered that the Linux kernel default MSS is hard-coded\nto 48 bytes. This allows a remote peer to fragment TCP resend queues\nsignificantly more than if a larger MSS were enforced. A remote attacker\ncould use this to cause a denial of service (CVE-2019-11479).\n\nfs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out\nthe unused memory region in the extent tree block, which might allow\nlocal users to obtain sensitive information by reading uninitialized\ndata in the filesystem (CVE-2019-11833).\n\nIt also fixes an upstream regression that caused older 'legacy'\nbluetooth adapters to stop working (mga #24840).\n\nFor other uptstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T00:10:55.011406912Z","published":"2019-06-21T01:07:01Z","upstream":["CVE-2019-10142","CVE-2019-11477","CVE-2019-11478","CVE-2019-11479","CVE-2019-11833","CVE-2019-5599"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0197.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24974"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24840"},{"type":"ADVISORY","url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.120"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.121"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.122"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.123"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.124"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.125"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.126"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.127-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0197.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}