OVAL Reference oval:com.ubuntu.cosmic:def:2019114770000000

Oval Definition:

oval:com.ubuntu.cosmic:def:2019114770000000

Revision Date:	2019-06-18	Version:	1
Title:	CVE-2019-11477 on Ubuntu 18.10 (cosmic) - high.
Description:	Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2019-11477
Platform(s):	Ubuntu 18.10	Product(s):
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed. AND Package Information linux package in cosmic was vulnerable but has been fixed (note: '4.18.0-22.23'). OR linux-aws package in cosmic was vulnerable but has been fixed (note: '4.18.0-1018.20'). OR linux-azure package in cosmic was vulnerable but has been fixed (note: '4.18.0-1020.20'). OR linux-gcp package in cosmic was vulnerable but has been fixed (note: '4.18.0-1013.14'). OR linux-kvm package in cosmic was vulnerable but has been fixed (note: '4.18.0-1014.14'). OR linux-meta package in cosmic was vulnerable but has been fixed (note: '4.18.0-22.23'). OR linux-meta-aws package in cosmic was vulnerable but has been fixed (note: '4.18.0-1018.20'). OR linux-meta-azure package in cosmic was vulnerable but has been fixed (note: '4.18.0-1020.20'). OR linux-meta-gcp package in cosmic was vulnerable but has been fixed (note: '4.18.0-1013.14'). OR linux-meta-kvm package in cosmic was vulnerable but has been fixed (note: '4.18.0-1014.14'). OR linux-meta-oem package in cosmic was vulnerable but has been fixed (note: '4.15.0-1043.48'). OR linux-meta-raspi2 package in cosmic was vulnerable but has been fixed (note: '4.18.0-1016.18'). OR linux-oem package in cosmic was vulnerable but has been fixed (note: '4.15.0-1043.48'). OR linux-oracle package in cosmic was vulnerable but has been fixed (note: '4.15.0-1015.17'). OR linux-raspi2 package in cosmic was vulnerable but has been fixed (note: '4.18.0-1016.18'). OR linux-signed package in cosmic was vulnerable but has been fixed (note: '4.18.0-22.23'). OR linux-signed-azure package in cosmic was vulnerable but has been fixed (note: '4.18.0-1020.20'). OR linux-signed-gcp package in cosmic was vulnerable but has been fixed (note: '4.18.0-1013.14'). OR linux-signed-oem package in cosmic was vulnerable but has been fixed (note: '4.15.0-1043.48').

BACK