Message-ID: <20190617182023.GA19768@kroah.com>
Date: Mon, 17 Jun 2019 20:20:23 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: Security Report <security-report@...smail.netflix.com>,
	security-report@...flix.com
Subject: Re: Linux and FreeBSD Kernel: Multiple TCP-based
 remote denial of service issues

On Mon, Jun 17, 2019 at 10:33:38AM -0700, Security Report wrote:
> Netflix has identified several TCP networking vulnerabilities in FreeBSD 
> and Linux kernels.
> 
> The vulnerabilities specifically relate to the minimum segment size (MSS) 
> and TCP Selective Acknowledgement (SACK) capabilities. The most serious, 
> dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent 
> Linux kernels.
> 
> There are patches that address most of these vulnerabilities. If patches 
> can not be applied, certain mitigations will be effective. We recommend 
> that affected parties enact one of those described below, based on their 
> environment.

To answer all of the panicked emails I have already started to get, all
of these patches are now in the following Linux stable kernel releases
that just went out a few minutes ago:
	4.4.182
	4.9.182
	4.14.127
	4.19.52
	5.1.11

Other than the 3.16.y kernel branch, all other kernel branches are
end-of-life, and will not be getting updates for these, or any other,
bugfixes.  I do not know when/if Ben will be doing a release for 3.16.y
with these fixes.

thanks,

greg k-h
