==========================================================================
Kernel Live Patch Security Notice 0052-1
June 18, 2019

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
|——————+————–+———-+——————|
| Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic |
| Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

Jonathan Looney discovered that an integer overflow existed in the Linux
kernel when handling TCP Selective Acknowledgments (SACKs). A remote
attacker could use this to cause a denial of service (system crash).
(CVE-2019-11477)

Jonathan Looney discovered that the TCP retransmission queue implementation
in the Linux kernel could be fragmented when handling certain TCP Selective
Acknowledgment (SACK) sequences. A remote attacker could use this to cause
a denial of service. (CVE-2019-11478)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel | Version | flavors |
|————————–+———-+————————–|
| 4.4.0-148.174 | 52.3 | generic, lowlatency |
| 4.4.0-150.176 | 52.3 | generic, lowlatency |
| 4.15.0-50.54 | 52.3 | generic, lowlatency |
| 4.15.0-50.54~16.04.1 | 52.3 | generic, lowlatency |
| 4.15.0-51.55 | 52.3 | generic, lowlatency |
| 4.15.0-51.55~16.04.1 | 52.3 | generic, lowlatency |

References:
CVE-2019-11477, CVE-2019-11478

—