Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. Also, excessive resource consumption (while processing SACK blocks or for TCP connections with low MSS) allows remote denial of service.

Affected product(s) and affected version(s):

AffectedProduct(s)Version(s)
IBM Security Identity Governance and Intelligence5.2.4
IBM Security Identity Governance and Intelligence5.2.5.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1284760

The post Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/3aPedcV