All Vulnerability Reports

USN-4017-1: Linux kernel vulnerabilities


Severity

High

Vendor

Pivotal Cloud Foundry

Description

Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478)

Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477)

CVEs contained in this USN include: CVE-2019-11477, CVE-2019-11478

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Vulnerable Cloud Foundry components individually listed here.
  • Impacted stemcells may be updated independently of upgrading Pivotal Application Service or PCF Isolation Segment.
  • Pivotal Application Service includes vulnerable stemcells in the following releases:
    • 2.6.x versions prior to 2.6.1
    • 2.5.x versions prior to 2.5.6
    • 2.4.x versions prior to 2.4.10
    • 2.3.x versions prior to 2.3.14
  • PCF Isolation Segment includes vulnerable stemcells in the following releases:
    • 2.6.x versions prior to 2.6.1
    • 2.5.x versions prior to 2.5.6
    • 2.4.x versions prior to 2.4.10
    • 2.3.x versions prior to 2.3.14
  • Pivotal Operations Manager is vulnerable in the following releases:
    • 2.6.x versions prior to 2.6.1
    • 2.5.x versions prior to 2.5.7
    • 2.4.x versions prior to 2.4.15
    • 2.3.x versions prior to 2.3.21

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Ops Manager: 2.6.1, 2.5.7, 2.4.15, 2.3.21
    • Pivotal Application Service: 2.6.1, 2.5.6, 2.4.10, 2.3.14
    • PCF Isolation Segment : 2.6.1, 2.5.6, 2.4.10, 2.3.14

References