CVE 2019-11477

Related bugs

• #1831637: Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
• #1834439: designated object in OVAL definition may be wrong
• #1836685: CVE: integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs)
• #1852667: livepatch status is less user-friendly once it gets kernel-upgrade-required "cannot send status to server: bad server status 403"

• Link to bug
• Remove bug link

References

• CONFIRM: https://support.f5.com...
• MISC: https://access.redhat....
• MISC: https://git.kernel.org...
• MISC: https://github.com/Net...
• MISC: https://wiki.ubuntu.co...
• CONFIRM: https://kb.pulsesecure...
• MISC: http://packetstormsecu...
• CERT-VN: VU#905115
• MLIST: [oss-security] 2019062...
• CONFIRM: https://www.synology.c...
• CONFIRM: https://security.netap...
• REDHAT: RHSA-2019:1594
• REDHAT: RHSA-2019:1602
• CONFIRM: https://psirt.global.s...
• CONFIRM: https://kc.mcafee.com/...
• MLIST: [oss-security] 2019062...
• CONFIRM: http://www.vmware.com/...
• MLIST: [oss-security] 2019070...
• MLIST: [oss-security] 2019070...
• REDHAT: RHSA-2019:1699
• CONFIRM: https://cert-portal.si...
• MISC: https://www.us-cert.go...
• MISC: http://packetstormsecu...
• MLIST: [oss-security] 2019102...
• MLIST: [oss-security] 2019102...
• CONFIRM: http://www.huawei.com/...
• MISC: https://www.oracle.com...
• CONFIRM: http://www.arubanetwor...
• MISC: https://www.oracle.com...