[Kernel-packages] [Bug 1831637] Re: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
** Tags added: cscc -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1831637 Title: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling Status in linux package in Ubuntu: Fix Released Status in linux source package in Precise: Fix Released Status in linux source package in Trusty: Fix Released Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: Jonathan Looney discovered that a remote attacker could cause a denial of service (system crash) via a maliciously crafted TCP session and a certain sequence of SACKs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1831637] Re: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
Ubuntu 14.04 ESM's base kernel was fixed with version 3.13.0-171.222. Ubuntu 12.04 ESM's base kernel was fixed with version 3.2.0-141.188. ** Changed in: linux (Ubuntu Trusty) Status: New => Fix Released ** Changed in: linux (Ubuntu Precise) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1831637 Title: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling Status in linux package in Ubuntu: Fix Released Status in linux source package in Precise: Fix Released Status in linux source package in Trusty: Fix Released Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: Jonathan Looney discovered that a remote attacker could cause a denial of service (system crash) via a maliciously crafted TCP session and a certain sequence of SACKs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1831637] Re: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
This bug was fixed in the package linux - 5.0.0-17.18 --- linux (5.0.0-17.18) disco; urgency=medium * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard manipulation (LP: #1831638) - SAUCE: tcp: tcp_fragment() should apply sane memory limits * Remote denial of service (system crash) caused by integer overflow in TCP SACK handling (LP: #1831637) - SAUCE: tcp: limit payload size of sacked skbs -- Stefan Bader Tue, 04 Jun 2019 17:22:50 +0200 ** Changed in: linux (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1831637 Title: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling Status in linux package in Ubuntu: Fix Released Status in linux source package in Precise: New Status in linux source package in Trusty: New Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: Jonathan Looney discovered that a remote attacker could cause a denial of service (system crash) via a maliciously crafted TCP session and a certain sequence of SACKs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1831637] Re: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
This bug report represents CVE-2019-11477 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11477 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1831637 Title: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling Status in linux package in Ubuntu: In Progress Status in linux source package in Precise: New Status in linux source package in Trusty: New Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: Jonathan Looney discovered that a remote attacker could cause a denial of service (system crash) via a maliciously crafted TCP session and a certain sequence of SACKs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1831637] Re: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1831637 Title: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling Status in linux package in Ubuntu: In Progress Status in linux source package in Precise: New Status in linux source package in Trusty: New Status in linux source package in Xenial: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: Jonathan Looney discovered that a remote attacker could cause a denial of service (system crash) via a maliciously crafted TCP session and a certain sequence of SACKs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
