VID 14224
Severity 40
Port 22
Protocol TCP
Class LSC
Detailed Description The remote system has not applied CESA-2019:1488, a kernel security update. A system without this update is affected by the following vulnerabilities:

- An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, each fragment roughly one TCP maximum segment size (MSS) in length. To process SACK blocks efficiently the kernel merges these fragments into a single SKB, which can overflow the 16-bit counter that holds the number of segments. A remote attacker can crash the kernel by sending a crafted sequence of SACK segments on a TCP connection that uses a small MSS, resulting in a denial of service. (CVE-2019-11477)

- A double free in idr_remove_all() in lib/idr.c; an unprivileged local attacker could use it to crash the system or to escalate privileges. (CVE-2019-3896)

- Excessive resource consumption while processing SACK blocks: a remote attacker can repeatedly fragment the TCP retransmission queue, driving up CPU use and causing a remote denial of service. (CVE-2019-11478)

- Excessive resource consumption for TCP connections with a low MSS: a remote attacker can force the kernel to send very small segments, consuming bandwidth and CPU and causing a remote denial of service. (CVE-2019-11479)

Note: This check relied solely on the kernel RPM version of the remote system to assess this vulnerability, so the result may be a false positive. Conversely, an updated kernel RPM is only effective once the system has been rebooted into it; compare the output of uname -r with the installed package version to confirm the fix is actually running.

* References:
https://lists.centos.org/pipermail/centos-announce/2019-June/023332.html

* Platforms Affected:
CentOS Linux Server (v. 6)
Recommendation Update the affected packages.
Launch the graphical update tool through
System -> Administration -> Software Update

From the command line, update the operating system with the following command, then reboot so that the new kernel is running:
# yum update
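The following is an added example, not the scanner's own check and not code from the CentOS announcement. It implements the kind of RPM version comparison the note above describes, and extends it with what a practitioner wants after running yum update: a comparison of the newest installed kernel RPM against the running kernel (uname -r), since the fix is not in effect until the host has been rebooted, plus a look at net.ipv4.tcp_sack, which the vendor advisories name as the interim mitigation for CVE-2019-11477 and CVE-2019-11478. The fixed version string 2.6.32-754.15.3.el6 and the --live flag are assumptions of this example; confirm the version against the referenced centos-announce post before relying on it.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the scanner's own check logic.
# Decides whether a CentOS 6 kernel version string is at or above the build
# shipped by CESA-2019:1488 and, when run with --live, compares the newest
# installed kernel RPM with the running kernel and reports the SACK sysctl.
#
# ASSUMPTION: the fixed build is kernel-2.6.32-754.15.3.el6. Confirm this
# against the centos-announce post referenced in the advisory before use.
FIXED_KERNEL="2.6.32-754.15.3.el6"

# vercmp A B: prints -1, 0 or 1. Splits on '.', '-' and '_'; segments that are
# both numeric compare numerically, anything else lexically. A simplified
# rpmvercmp, sufficient for el6 kernel version-release strings.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[._-]/); nb = split(b, B, /[._-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) { x += 0; y += 0 }
            if (x < y) { print "-1"; exit }
            if (x > y) { print "1"; exit }
        }
        print "0"
    }'
}

# kernel_is_fixed VERSION: true (exit 0) when VERSION is at or above FIXED_KERNEL.
# Accepts both rpm-style "2.6.32-754.15.3.el6" and uname -r style
# "2.6.32-754.15.3.el6.x86_64"; the arch suffix is stripped before comparing.
kernel_is_fixed() {
    v=$(printf '%s' "$1" | sed -e 's/\.x86_64$//' -e 's/\.i686$//')
    [ "$(vercmp "$v" "$FIXED_KERNEL")" -ge 0 ]
}

# newest_of V1 V2 ...: prints the highest version among the arguments.
newest_of() {
    best=""
    for v in "$@"; do
        if [ -z "$best" ] || [ "$(vercmp "$v" "$best")" = "1" ]; then best=$v; fi
    done
    printf '%s\n' "$best"
}

# Live checks on a CentOS 6 host. Several kernel packages may be installed at
# once, so take the newest, then compare it with what is actually running: an
# updated RPM closes nothing until the machine has been rebooted into it.
check_host() {
    installed=$(newest_of $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null))
    running=$(uname -r)
    echo "newest installed kernel RPM: ${installed:-none}"
    echo "running kernel:              $running"
    if [ -n "$installed" ] && kernel_is_fixed "$installed"; then
        echo "RPM:     fixed build installed"
    else
        echo "RPM:     VULNERABLE, CESA-2019:1488 not applied"
    fi
    if kernel_is_fixed "$running"; then
        echo "running: fixed kernel"
    else
        echo "running: VULNERABLE, reboot into the updated kernel"
    fi
    # Interim mitigation from the vendor advisories for hosts that cannot reboot
    # yet: net.ipv4.tcp_sack=0 removes the SACK code paths behind
    # CVE-2019-11477 and CVE-2019-11478 (at some cost to TCP throughput).
    sack=$(sysctl -n net.ipv4.tcp_sack 2>/dev/null || echo "?")
    echo "net.ipv4.tcp_sack=$sack (0 means SACK disabled as a workaround)"
}

case "${1:-}" in
    --live) check_host ;;
esac
```

Run it as sh check_cesa_2019_1488.sh --live on the target; without the flag the script only defines the functions. The version comparison is done in awk rather than with sort -V or rpmdev-vercmp so that it works with the stock CentOS 6 userland. For CVE-2019-11479 the vendor workaround is a separate iptables rule that drops SYN segments advertising an MSS below 500 (the tcpmss match); it is not applied by this script.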
Related URL CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-3896 (CVE)