On 2019-06-20 07:00 PM, David C. Rankin wrote:
All,
Anyone know whether there is a planned fix for:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
related:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
Suggested work-around:
echo 0 > /proc/sys/net/ipv4/tcp_sack
(default is 1)
From El Reg:
With CVE-2019-11477, a string of TCP SACK responses will cause the Linux kernel to unexpectedly hit an internal data structure limit, triggering a fatal panic. The others affecting Linux will force the system to consume resources, thus slowing it down, as Red Hat explained in its technical summary (https://access.redhat.com/security/vulnerabilities/tcpsack) today.
(had to resend from a day or so ago)
This was already resolved on the 18th. The CVE you mention is specifically stated. See for example
https://lists.opensuse.org/opensuse-updates/2019-06/msg00088.html
Separate messages were sent out for each of 42.3 and 15.*
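
An added example, not part of either message: a shell check of whether the quoted tcp_sack workaround is in effect and whether it will survive a reboot, since a value written under /proc is lost at restart. The `root` argument and the reduced set of config locations (/etc/sysctl.d/*.conf, then /etc/sysctl.conf) are assumptions of this example.

```shell
#!/bin/sh
# Audit the tcp_sack workaround: runtime value and boot-time persistence.
# The optional "root" argument is an assumption added so the functions can
# be pointed at a test directory; empty means the live system.

# Print the runtime value of net.ipv4.tcp_sack (0 = SACK off, 1 = default).
sack_runtime() {
    root="${1:-}"
    cat "$root/proc/sys/net/ipv4/tcp_sack" 2>/dev/null || echo unknown
}

# Print the last value assigned to net.ipv4.tcp_sack in the config files
# read here, or "unset". Simplification: only /etc/sysctl.d/*.conf and then
# /etc/sysctl.conf are read, and the last assignment found wins.
sack_persisted() {
    root="${1:-}"
    val=unset
    for f in "$root"/etc/sysctl.d/*.conf "$root/etc/sysctl.conf"; do
        [ -f "$f" ] || continue
        # Commented-out lines start with '#' and do not match.
        v=$(sed -n 's/^[[:space:]]*net[./]ipv4[./]tcp_sack[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val="$v"; fi
    done
    echo "$val"
}

# Combine both views into one status line.
sack_status() {
    r=$(sack_runtime "${1:-}")
    p=$(sack_persisted "${1:-}")
    case "$r:$p" in
        0:0) echo "workaround active and persistent" ;;
        0:*) echo "workaround active until reboot only" ;;
        1:0) echo "configured but not applied (run sysctl --system)" ;;
        1:*) echo "SACK enabled (default)" ;;
        *)   echo "unknown" ;;
    esac
}

sack_status "${1:-}"
```

Once the updated kernel from the referenced announcement is installed and booted, the setting can go back to its default of 1.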