Date: Tue, 18 Jun 2019 06:39:34 -0400 From: Nicholas Luedtke <nicholas.luedtke@...lumni.com> To: oss-security@...ts.openwall.com Cc: Security Report <security-report@...smail.netflix.com>, security-report@...flix.com Subject: Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues > On Mon, Jun 17, 2019 at 10:56 PM Greg KH <greg@...ah.com> wrote: > >> On Mon, Jun 17, 2019 at 10:33:38AM -0700, Security Report wrote: >>> Netflix has identified several TCP networking vulnerabilities in FreeBSD >>> and Linux kernels. >>> >>> The vulnerabilities specifically relate to the minimum segment size >> (MSS) >>> and TCP Selective Acknowledgement (SACK) capabilities. The most serious, >>> dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent >>> Linux kernels. >>> >>> There are patches that address most of these vulnerabilities. If patches >>> can not be applied, certain mitigations will be effective. We recommend >>> that affected parties enact one of those described below, based on their >>> environment. >> >> To answer all of the paniced emails I have already started to get, all >> of these patches are now in the following Linux stable kernel releases >> that just went out a few minutes ago: >> 4.4.182 >> 4.9.182 >> 4.14.127 >> 4.19.52 >> 5.1.11 >> >> Other than the 3.16.y kernel branch, all other kernel branches are >> end-of-life, and will not be getting updates for these, or any other, >> bugfixes. I do not know when/if Ben will be doing a release for 3.16.y >> with these fixes. >> >> thanks, >> >> greg k-h >> Now that the upstream commit appears on the git, these fixes now also appear on https://www.linuxkernelcves.com <https://www.linuxkernelcves.com/> -Nicholas
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.