oss-sec mailing list archives

Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues


From: Greg KH <greg () kroah com>
Date: Mon, 17 Jun 2019 20:20:23 +0200

On Mon, Jun 17, 2019 at 10:33:38AM -0700, Security Report wrote:
> Netflix has identified several TCP networking vulnerabilities in FreeBSD 
> and Linux kernels.
> 
> The vulnerabilities specifically relate to the minimum segment size (MSS) 
> and TCP Selective Acknowledgement (SACK) capabilities. The most serious, 
> dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent 
> Linux kernels.
> 
> There are patches that address most of these vulnerabilities. If patches 
> can not be applied, certain mitigations will be effective. We recommend 
> that affected parties enact one of those described below, based on their 
> environment.

To answer all of the panicked emails I have already started to get, all
of these patches are now in the following Linux stable kernel releases
that just went out a few minutes ago:
        4.4.182
        4.9.182
        4.14.127
        4.19.52
        5.1.11

Other than the 3.16.y kernel branch, all other kernel branches are
end-of-life, and will not be getting updates for these, or any other,
bugfixes.  I do not know when/if Ben will be doing a release for 3.16.y
with these fixes.

thanks,

greg k-h
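
Added example, not part of the original message or any kernel project tooling: a check of a kernel release string against the fixed stable releases listed above. It assumes an upstream kernel.org stable kernel (distribution kernels backport fixes under their own version numbers, so use the vendor advisory for those); the function name `sack_fix_status` and its status strings are hypothetical.

```shell
#!/bin/sh
# Fixed release per stable branch, as listed in the message: "branch patch".
FIXED_RELEASES='4.4 182
4.9 182
4.14 127
4.19 52
5.1 11'

# Prints: fixed | update-to X.Y.Z | unlisted | unparseable
# "unlisted" means the message names no fixed release for that branch
# (3.16.y and the end-of-life branches included).
# The body runs in a subshell so IFS and positional parameters stay local.
sack_fix_status() (
    # Drop any suffix after the numeric part: "4.19.51-rc1" -> "4.19.51"
    base=${1%%[!0-9.]*}
    IFS=.
    set -- $base          # split on dots into major, minor, patch
    unset IFS
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unparseable
        exit 0
    fi
    series="$1.$2"
    patch=${3:-0}
    while read -r branch fixed; do
        [ "$branch" = "$series" ] || continue
        if [ "$patch" -ge "$fixed" ]; then
            echo fixed
        else
            echo "update-to $branch.$fixed"
        fi
        exit 0
    done <<EOF
$FIXED_RELEASES
EOF
    echo unlisted
)

# Check the running kernel, or a release string given as the first argument.
sack_fix_status "${1:-$(uname -r)}"
```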
