CVE-2019-11479
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size (MSS) of a TCP connection is set to a low value, such as 48 bytes, as little as 8 bytes can be left for user data, which significantly increases the Linux kernel's resource (CPU, memory, and bandwidth) utilization. A remote attacker could use this flaw to cause a denial of service (DoS) by repeatedly sending network traffic on a TCP connection with a low TCP MSS. |

Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-986 | linux-hardened | 5.1.10.a-1 | 5.1.11.a-1 | High | Fixed | |
AVG-985 | linux-zen | 5.1.10.zen1-1 | 5.1.11.zen1-1 | High | Fixed | |
AVG-984 | linux-lts | 4.19.51-1 | 4.19.52-1 | High | Fixed | |
AVG-983 | linux | 5.1.10.arch1-1 | 5.1.11.arch1-1 | High | Fixed | |

Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
18 Jun 2019 | ASA-201906-15 | AVG-985 | linux-zen | High | denial of service |
18 Jun 2019 | ASA-201906-14 | AVG-984 | linux-lts | High | denial of service |
18 Jun 2019 | ASA-201906-13 | AVG-983 | linux | High | denial of service |
17 Jun 2019 | ASA-201906-12 | AVG-986 | linux-hardened | High | denial of service |
Notes

Workaround:

    $ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP

IMPORTANT: The net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when using the iptables rules shown above. Ensure it is disabled using the following command:

    $ sysctl net.ipv4.tcp_mtu_probing
    net.ipv4.tcp_mtu_probing = 0
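
One way to audit the workaround above from saved command output, as an added example that is not part of the original advisory: it reads the text printed by `iptables -S INPUT` and by the `sysctl` check, and reports whether the MSS drop rule and the required `tcp_mtu_probing` setting are both in place. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the workaround offline.

# mss_drop_range RULES
# RULES is text in the format printed by `iptables -S INPUT`.
# Prints the LOW:HIGH range of the first INPUT rule that drops TCP
# by MSS, or nothing when no such rule exists.
mss_drop_range() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-m tcpmss/ && /-j DROP/ {
            for (i = 1; i < NF; i++)
                if ($i == "--mss") { print $(i + 1); exit }
        }'
}

# audit_workaround RULES SYSCTL_LINE
# SYSCTL_LINE is the line printed by `sysctl net.ipv4.tcp_mtu_probing`.
# Prints one verdict word and returns non-zero unless it is "ok".
audit_workaround() {
    range=$(mss_drop_range "$1")
    [ -n "$range" ] || { echo "no-rule"; return 1; }
    low=${range%%:*}
    high=${range##*:}
    # The rule in the advisory drops every MSS from 1 through 500.
    if [ "$low" -gt 1 ] || [ "$high" -lt 500 ]; then
        echo "range-too-narrow"; return 1
    fi
    # The advisory requires tcp_mtu_probing to be 0 with this rule.
    value=$(printf '%s\n' "$2" |
        awk -F' = ' '$1 == "net.ipv4.tcp_mtu_probing" { print $2 }')
    [ "$value" = "0" ] || { echo "mtu-probing-enabled"; return 1; }
    echo "ok"
}

# Constructed sample input, not captured from a real host.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP'
SAMPLE_SYSCTL='net.ipv4.tcp_mtu_probing = 0'

audit_workaround "$SAMPLE_RULES" "$SAMPLE_SYSCTL"
```

On a live host, pass `"$(sudo iptables -S INPUT)"` and `"$(sysctl net.ipv4.tcp_mtu_probing)"` as the two arguments.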