Alpine Linux

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux

Notified:  June 19, 2019 Updated: June 20, 2019

Statement Date:   June 20, 2019

Status

  Affected

Vendor Statement

You can find information about which packages (variants) a CVE affected and if (plus when) a package was fixed on our security tracker: https://security.archlinux.org/CVE-2019-11477 https://security.archlinux.org/CVE-2019-11478 https://security.archlinux.org/CVE-2019-11479 We have also published advisories to our distro specific mailing lists and on the security tracker which you will find below. The advisories contain workarounds that we recommended.

Vendor Information

To summarize the fixed versions there:

  kernel: linux, affected: 5.1.10.arch1-1, fixed: 5.1.11.arch1-1, advisory: https://security.archlinux.org/ASA-201906-13
  kernel: linux-lts, affected: 4.19.51-1, fixed: 4.19.52-1, advisory: https://security.archlinux.org/ASA-201906-14
  kernel: linux-hardened, affected: 4.19.52-1, fixed: 5.1.11.a-1, advisory: https://security.archlinux.org/ASA-201906-12
  kernel: linux-zen, affected: 5.1.10.zen1-1, fixed: 5.1.11.zen1-1, advisory: https://security.archlinux.org/ASA-201906-15

Vendor References

Arista Networks, Inc.

Notified:  June 19, 2019 Updated: July 08, 2019

Statement Date:   July 05, 2019

Status

  Affected

Vendor Statement

Affected.

Vendor Information

https://www.arista.com/en/support/advisories-notices/security-advisories/8066-security-advisory-41 which provides tracking, mitigation, and long term fix information.

Vendor References

Aspera Inc.

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies

Updated:  June 27, 2019

Statement Date:   June 25, 2019

Status

  Affected

Vendor Statement

Check Point is vulnerable to CVE-2019-11478 and in some releases also to CVE-2019-11477. Check Point software is not vulnerable to CVE-2019-11479 or the FreeBSD CVEs.

Vendor Information

The vulnerability to the 2 CVEs is only relevant to traffic directed to or from the gateway or management machines. Traffic going through the gateway for inspection is not affected by the vulnerabilities and won't be affected by disabling SACK. There is a mitigation to the 2 relevant CVEs which is to disable SACK. All relevant information on vulnerable products, mitigations, and fixes to the issues can be found at: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156192

Vendor References

CoreOS

Notified:  June 19, 2019 Updated: June 20, 2019

Statement Date:   June 19, 2019

Status

  Affected

Vendor Statement

These vulnerabilities were addressed in CoreOS Container Linux alpha 2163.2.1, beta 2135.3.1, and stable 2079.6.0. Previous versions of CoreOS Container Linux are affected.

Vendor References

Debian GNU/Linux

Notified:  June 19, 2019 Updated: June 20, 2019

Statement Date:   June 20, 2019

Status

  Affected

Vendor Statement

Advisory at https://www.debian.org/security/2019/dsa-4465

Vendor References

Fedora Project

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Updated:  June 20, 2019

Status

  Affected

Vendor Statement

Upgrade your vulnerable system to a supported FreeBSD stable or release/security branch (releng) dated after the correction date.

Vendor References

Geexbox

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marconi, Inc.

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft

Notified:  June 19, 2019 Updated: June 27, 2019

Statement Date:   June 27, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  June 19, 2019 Updated: June 20, 2019

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Slackware Linux Inc.

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  June 19, 2019 Updated: June 20, 2019

Statement Date:   June 19, 2019

Status

  Affected

Vendor Statement

Updates issued on Monday, June 17, 2019

Vendor References

Synology

Notified:  June 19, 2019 Updated: June 24, 2019

Statement Date:   June 21, 2019

Status

  Affected

Vendor Statement

Synology has confirmed our products are affected, and we have published a security advisory for your reference: https://www.synology.com/security/advisory/Synology_SA_19_28

Vendor Information

CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).

Vendor References

Tizen

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  June 19, 2019 Updated: June 19, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  June 19, 2019 Updated: June 20, 2019

Statement Date:   June 19, 2019

Status

  Affected

Vendor Statement

We have a KnowledgeBase page here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic We released updates for CVE-2019-11477 and CVE-2019-11478. The corresponding Ubuntu Security Notices can be found here: https://usn.ubuntu.com/4017-1/ https://usn.ubuntu.com/4017-2/

Vendor Information

A set of future Ubuntu kernel updates will address the sysctl-based mitigation for CVE-2019-11479.

Vendor References
