USN-4017-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-4017-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4017-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4017-2
Related
Published
2019-06-17T17:58:37.310579Z
Modified
2019-06-17T17:58:37.310579Z
Summary
linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities
Details

USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.

Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478)

Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477)

References

Affected packages

Ubuntu:14.04:LTS / linux

Package

Name
linux
Purl
pkg:deb/ubuntu/linux@3.13.0-171.222?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.0-171.222

Affected versions

3.*

3.11.0-12.19
3.12.0-1.3
3.12.0-2.5
3.12.0-2.7
3.12.0-3.8
3.12.0-3.9
3.12.0-4.10
3.12.0-4.12
3.12.0-5.13
3.12.0-7.15
3.13.0-1.16
3.13.0-2.17
3.13.0-3.18
3.13.0-4.19
3.13.0-5.20
3.13.0-6.23
3.13.0-7.25
3.13.0-7.26
3.13.0-8.27
3.13.0-8.28
3.13.0-10.30
3.13.0-11.31
3.13.0-12.32
3.13.0-13.33
3.13.0-14.34
3.13.0-15.35
3.13.0-16.36
3.13.0-17.37
3.13.0-18.38
3.13.0-19.39
3.13.0-19.40
3.13.0-20.42
3.13.0-21.43
3.13.0-22.44
3.13.0-23.45
3.13.0-24.46
3.13.0-24.47
3.13.0-27.50
3.13.0-29.53
3.13.0-30.54
3.13.0-30.55
3.13.0-32.57
3.13.0-33.58
3.13.0-34.60
3.13.0-35.62
3.13.0-36.63
3.13.0-37.64
3.13.0-39.66
3.13.0-40.69
3.13.0-41.70
3.13.0-43.72
3.13.0-44.73
3.13.0-45.74
3.13.0-46.75
3.13.0-46.76
3.13.0-46.77
3.13.0-46.79
3.13.0-48.80
3.13.0-49.81
3.13.0-49.83
3.13.0-51.84
3.13.0-52.85
3.13.0-52.86
3.13.0-53.88
3.13.0-53.89
3.13.0-54.91
3.13.0-55.92
3.13.0-55.94
3.13.0-57.95
3.13.0-58.97
3.13.0-59.98
3.13.0-61.100
3.13.0-62.102
3.13.0-63.103
3.13.0-65.105
3.13.0-65.106
3.13.0-66.108
3.13.0-67.110
3.13.0-68.111
3.13.0-70.113
3.13.0-71.114
3.13.0-73.116
3.13.0-74.118
3.13.0-76.120
3.13.0-77.121
3.13.0-79.123
3.13.0-83.127
3.13.0-85.129
3.13.0-86.130
3.13.0-86.131
3.13.0-87.133
3.13.0-88.135
3.13.0-91.138
3.13.0-92.139
3.13.0-93.140
3.13.0-95.142
3.13.0-96.143
3.13.0-98.145
3.13.0-100.147
3.13.0-101.148
3.13.0-103.150
3.13.0-105.152
3.13.0-106.153
3.13.0-107.154
3.13.0-108.155
3.13.0-109.156
3.13.0-110.157
3.13.0-111.158
3.13.0-112.159
3.13.0-113.160
3.13.0-115.162
3.13.0-116.163
3.13.0-117.164
3.13.0-119.166
3.13.0-121.170
3.13.0-123.172
3.13.0-125.174
3.13.0-126.175
3.13.0-128.177
3.13.0-129.178
3.13.0-132.181
3.13.0-133.182
3.13.0-135.184
3.13.0-137.186
3.13.0-139.188
3.13.0-141.190
3.13.0-142.191
3.13.0-143.192
3.13.0-144.193
3.13.0-145.194
3.13.0-147.196
3.13.0-149.199
3.13.0-151.201
3.13.0-153.203
3.13.0-155.205
3.13.0-156.206
3.13.0-157.207
3.13.0-158.208
3.13.0-160.210
3.13.0-161.211
3.13.0-162.212
3.13.0-163.213
3.13.0-164.214
3.13.0-165.215
3.13.0-166.216
3.13.0-167.217
3.13.0-168.218
3.13.0-169.219
3.13.0-170.220

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-3.13.0-171-generic-lpae": "3.13.0-171.222",
            "linux-image-3.13.0-171-generic": "3.13.0-171.222",
            "linux-image-3.13.0-171-lowlatency": "3.13.0-171.222",
            "linux-image-3.13.0-171-powerpc64-emb": "3.13.0-171.222",
            "linux-image-3.13.0-171-powerpc-smp": "3.13.0-171.222",
            "linux-image-3.13.0-171-powerpc-e500mc": "3.13.0-171.222",
            "linux-image-3.13.0-171-powerpc-e500": "3.13.0-171.222",
            "linux-image-3.13.0-171-powerpc64-smp": "3.13.0-171.222"
        }
    ]
}

Ubuntu:14.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws@4.4.0-1046.50?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1046.50

Affected versions

4.*

4.4.0-1002.2
4.4.0-1003.3
4.4.0-1005.5
4.4.0-1006.6
4.4.0-1009.9
4.4.0-1010.10
4.4.0-1011.11
4.4.0-1012.12
4.4.0-1014.14
4.4.0-1016.16
4.4.0-1017.17
4.4.0-1019.19
4.4.0-1022.22
4.4.0-1023.23
4.4.0-1024.25
4.4.0-1025.26
4.4.0-1027.30
4.4.0-1028.31
4.4.0-1029.32
4.4.0-1031.34
4.4.0-1032.35
4.4.0-1034.37
4.4.0-1036.39
4.4.0-1037.40
4.4.0-1038.41
4.4.0-1039.42
4.4.0-1040.43
4.4.0-1042.45
4.4.0-1044.47

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-4.4.0-1046-aws": "4.4.0-1046.50"
        }
    ]
}

Ubuntu:14.04:LTS / linux-azure

Package

Name
linux-azure
Purl
pkg:deb/ubuntu/linux-azure@4.15.0-1047.51~14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.15.0-1047.51~14.04.1

Affected versions

4.*

4.15.0-1023.24~14.04.1
4.15.0-1030.31~14.04.1
4.15.0-1031.32~14.04.1
4.15.0-1032.33~14.04.2
4.15.0-1035.36~14.04.2
4.15.0-1036.38~14.04.2
4.15.0-1037.39~14.04.2
4.15.0-1039.41~14.04.2
4.15.0-1040.44~14.04.1
4.15.0-1041.45~14.04.1
4.15.0-1042.46~14.04.1
4.15.0-1045.49~14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-4.15.0-1047-azure": "4.15.0-1047.51~14.04.1"
        }
    ]
}

Ubuntu:14.04:LTS / linux-lts-xenial

Package

Name
linux-lts-xenial
Purl
pkg:deb/ubuntu/linux-lts-xenial@4.4.0-151.178~14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-151.178~14.04.1

Affected versions

4.*

4.4.0-13.29~14.04.1
4.4.0-14.30~14.04.2
4.4.0-15.31~14.04.1
4.4.0-18.34~14.04.1
4.4.0-21.37~14.04.1
4.4.0-22.39~14.04.1
4.4.0-22.40~14.04.1
4.4.0-24.43~14.04.1
4.4.0-28.47~14.04.1
4.4.0-31.50~14.04.1
4.4.0-34.53~14.04.1
4.4.0-36.55~14.04.1
4.4.0-38.57~14.04.1
4.4.0-42.62~14.04.1
4.4.0-45.66~14.04.1
4.4.0-47.68~14.04.1
4.4.0-51.72~14.04.1
4.4.0-53.74~14.04.1
4.4.0-57.78~14.04.1
4.4.0-59.80~14.04.1
4.4.0-62.83~14.04.1
4.4.0-63.84~14.04.2
4.4.0-64.85~14.04.1
4.4.0-66.87~14.04.1
4.4.0-67.88~14.04.1
4.4.0-70.91~14.04.1
4.4.0-71.92~14.04.1
4.4.0-72.93~14.04.1
4.4.0-75.96~14.04.1
4.4.0-78.99~14.04.2
4.4.0-79.100~14.04.1
4.4.0-81.104~14.04.1
4.4.0-83.106~14.04.1
4.4.0-87.110~14.04.1
4.4.0-89.112~14.04.1
4.4.0-91.114~14.04.1
4.4.0-92.115~14.04.1
4.4.0-93.116~14.04.1
4.4.0-96.119~14.04.1
4.4.0-97.120~14.04.1
4.4.0-98.121~14.04.1
4.4.0-101.124~14.04.1
4.4.0-103.126~14.04.1
4.4.0-104.127~14.04.1
4.4.0-108.131~14.04.1
4.4.0-109.132~14.04.1
4.4.0-111.134~14.04.1
4.4.0-112.135~14.04.1
4.4.0-116.140~14.04.1
4.4.0-119.143~14.04.1
4.4.0-121.145~14.04.1
4.4.0-124.148~14.04.1
4.4.0-127.153~14.04.1
4.4.0-128.154~14.04.1
4.4.0-130.156~14.04.1
4.4.0-131.157~14.04.1
4.4.0-133.159~14.04.1
4.4.0-134.160~14.04.1
4.4.0-135.161~14.04.1
4.4.0-137.163~14.04.1
4.4.0-138.164~14.04.1
4.4.0-139.165~14.04.1
4.4.0-140.166~14.04.1
4.4.0-141.167~14.04.1
4.4.0-142.168~14.04.1
4.4.0-143.169~14.04.2
4.4.0-144.170~14.04.1
4.4.0-146.172~14.04.1
4.4.0-148.174~14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-4.4.0-151-generic": "4.4.0-151.178~14.04.1",
            "linux-image-4.4.0-151-lowlatency": "4.4.0-151.178~14.04.1",
            "linux-image-4.4.0-151-powerpc64-emb": "4.4.0-151.178~14.04.1",
            "linux-image-4.4.0-151-generic-lpae": "4.4.0-151.178~14.04.1",
            "linux-image-4.4.0-151-powerpc-smp": "4.4.0-151.178~14.04.1",
            "linux-image-4.4.0-151-powerpc64-smp": "4.4.0-151.178~14.04.1",
            "linux-image-4.4.0-151-powerpc-e500mc": "4.4.0-151.178~14.04.1"
        }
    ]
}