Date: Mon, 17 Jun 2019 20:20:23 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: Security Report <security-report@...smail.netflix.com>, security-report@...flix.com Subject: Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues On Mon, Jun 17, 2019 at 10:33:38AM -0700, Security Report wrote: > Netflix has identified several TCP networking vulnerabilities in FreeBSD > and Linux kernels. > > The vulnerabilities specifically relate to the minimum segment size (MSS) > and TCP Selective Acknowledgement (SACK) capabilities. The most serious, > dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent > Linux kernels. > > There are patches that address most of these vulnerabilities. If patches > can not be applied, certain mitigations will be effective. We recommend > that affected parties enact one of those described below, based on their > environment. To answer all of the paniced emails I have already started to get, all of these patches are now in the following Linux stable kernel releases that just went out a few minutes ago: 4.4.182 4.9.182 4.14.127 4.19.52 5.1.11 Other than the 3.16.y kernel branch, all other kernel branches are end-of-life, and will not be getting updates for these, or any other, bugfixes. I do not know when/if Ben will be doing a release for 3.16.y with these fixes. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.