[opensuse] TCP vulnerability in Linux kernels < 4.7 on opensuse?

Hi,
via Spanish opensuse mailing list I heard about this TCP vulnerability that allows an attacker to hijack unencrypted Web traffic, or crash encrypted communications.
Googling told me, that the bug is resolved from kernel 4.7 (where on leap I am with 4.1.27 - some felt 2000 years from 4.7...).
I wonder why I haven't read about that on this list (I might have missed it though).
Question:
Was that bug somehow patched in the recent standard opensuse kernels with the common updates like zypper up?
If not, what to do?
Daniel
--
Daniel Bauer photographer Basel Barcelona
http://www.daniel-bauer.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

Hi,
Yes, we are affected.
https://www.suse.com/security/cve/CVE-2016-5696.html
It is not as worrisome as it sounds and will be fixed in the next kernel updates.
Ciao, Marcus
On Mon, Aug 29, 2016 at 09:32:22AM +0200, Daniel Bauer wrote:
> Hi,
> via Spanish opensuse mailing list I heard about this TCP vulnerability that allows an attacker to hijack unencrypted Web traffic, or crash encrypted communications.
> Googling told me, that the bug is resolved from kernel 4.7 (where on leap I am with 4.1.27 - some felt 2000 years from 4.7...).
> I wonder why I haven't read about that on this list (I might have missed it though).
> Question:
> Was that bug somehow patched in the recent standard opensuse kernels with the common updates like zypper up?
> If not, what to do?
> Daniel
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de>

On 2016-08-29 10:11, Marcus Meissner wrote:
> Hi,
> Yes, we are affected.
> https://www.suse.com/security/cve/CVE-2016-5696.html
> It is not as worrisome as it sounds and will be fixed in the next kernel updates.
What about the suggested modification to /etc/sysctl.conf:
net.ipv4.tcp_challenge_ack_limit = 999999999
--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
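
Added example, not part of the original thread: a POSIX shell check for whether the sysctl setting quoted in the message above is live and persisted on a host. The function names and status strings are hypothetical; the script treats a kernel version below 4.7 only as a prompt to check the vendor advisory, since a distribution kernel can receive the fix as an update without changing its base version.

```shell
#!/bin/sh
# Added example: audit a host for the sysctl workaround quoted in the thread.
KEY=net.ipv4.tcp_challenge_ack_limit
WORKAROUND=999999999                 # value quoted in the thread

# True if the upstream part of a kernel release string is below 4.7,
# e.g. "4.1.27-default" (constructed) yes, "4.7.2-2.g8a962cf-default" no.
kernel_lt_4_7() {
    v=${1%%-*}                       # drop the package/flavour suffix
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 7 ]; }
}

# Print the last value assigned to $KEY in the sysctl-style files given, in
# argument order. Comment lines (# or ;) are skipped; "/" separators accepted.
configured_limit() {
    cat "$@" 2>/dev/null |
        sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]//g' |
        awk -F= -v k="$KEY" '{ gsub("/", ".", $1); if ($1 == k) v = $2 }
                             END { if (v != "") print v }'
}

# $1 = kernel release, $2 = live limit, $3 = persisted limit (may be empty).
assess() {
    if ! kernel_lt_4_7 "$1"; then
        echo "kernel-not-in-affected-range"
    elif [ "$2" -ge "$WORKAROUND" ] && [ "${3:-0}" -ge "$WORKAROUND" ]; then
        echo "workaround-active-and-persistent"
    elif [ "$2" -ge "$WORKAROUND" ]; then
        echo "workaround-active-not-persistent"   # lost at next reboot
    else
        # A version below 4.7 does not prove exposure: the distribution
        # kernel may carry the fix as a backport. Check the vendor advisory.
        echo "check-vendor-update"
    fi
}

# Live check, skipped on systems that do not expose the sysctl.
live=/proc/sys/net/ipv4/tcp_challenge_ack_limit
if [ -r "$live" ]; then
    assess "$(uname -r)" "$(cat "$live")" \
        "$(configured_limit /etc/sysctl.d/*.conf /etc/sysctl.conf)"
fi
```

A setting added to /etc/sysctl.conf only takes effect after `sysctl -p` or a reboot, which is why the live and persisted values are compared separately.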

On 29/08/16 at 10:11, Marcus Meissner wrote:
> Hi,
> Yes, we are affected.
> https://www.suse.com/security/cve/CVE-2016-5696.html
> It is not as worrisome as it sounds and will be fixed in the next kernel updates.
Hello,
is there some release plan when these new kernel updates will be released for 13.1 13.2 42.1 ?
Thx in advance.
ME
> Ciao, Marcus
> On Mon, Aug 29, 2016 at 09:32:22AM +0200, Daniel Bauer wrote:
> > Hi,
> > via Spanish opensuse mailing list I heard about this TCP vulnerability that allows an attacker to hijack unencrypted Web traffic, or crash encrypted communications.
> > Googling told me, that the bug is resolved from kernel 4.7 (where on leap I am with 4.1.27 - some felt 2000 years from 4.7...).
> > I wonder why I haven't read about that on this list (I might have missed it though).
> > Question:
> > Was that bug somehow patched in the recent standard opensuse kernels with the common updates like zypper up?
> > If not, what to do?
> > Daniel

On Sat, Sep 03, 2016 at 01:24:27PM +0200, Markus Egg wrote:
> On 29/08/16 at 10:11, Marcus Meissner wrote:
> > Hi,
> > Yes, we are affected.
> > https://www.suse.com/security/cve/CVE-2016-5696.html
> > It is not as worrisome as it sounds and will be fixed in the next kernel updates.
> Hello,
> is there some release plan when these new kernel updates will be released for 13.1 13.2 42.1 ?
42.1 update is in testing.
13.1 and 13.2 will get it in their next rounds.
Ciao, Marcus

On 09/03/2016 07:24 AM, Markus Egg wrote:
> On 29/08/16 at 10:11, Marcus Meissner wrote:
> > Hi,
> > Yes, we are affected.
> > https://www.suse.com/security/cve/CVE-2016-5696.html
> > It is not as worrisome as it sounds and will be fixed in the next kernel updates.
> Hello,
> is there some release plan when these new kernel updates will be released for 13.1 13.2 42.1 ?
Regular readers will recall that I make use of the "Kernel Stable" repository
http://download.opensuse.org/repositories/Kernel:/stable/standard/
I'm on 13.2 but have been using that repository since I was on 13.1.
I'm currently running 4.7.2-2.g8a962cf-default
Yes, it's stable.
I've not had problems with this repository other than updates to the BtrFS drivers aren't backward compatible to the original drivers. My file system has been updated and I can no longer run the 3.16 from the DVD. Maybe this matters to you; personally I feel that the updates to the BtrFS in terms of stability and performance are worthwhile.
If you were running, say, Windows, and a kernel patch came out for Defence Against the Dark Arts and better performance and fixes to scheduling and Other Good Stuff, wouldn't you apply it? Even if it meant upgrading to W/10 from W/XP?
If you are willing to run risks there are other repositories with later kernels and of course the bleeding edge made for today ones that are running modes that aren't tested, haven't been approved by Linus yet etc etc.
--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

On 09/04/2016 07:49 AM, Anton Aylward wrote:
> If you were running, say, Windows, and a kernel patch came out for Defence Against the Dark Arts and better performance and fixes to scheduling and Other Good Stuff, wouldn't you apply it? Even if it meant upgrading to W/10 from W/XP?
> If you are willing to run risks there are other repositories with later kernels and of course the bleeding edge made for today ones that are running modes that aren't tested, haven't been approved by Linus yet etc etc.
The only 'surprises' I've found with later kernels is they no longer work with my laptop video card, e.g. my trusty
[AMD/ATI] RS690M [Radeon Xpress 1200/1250/1270]
the screen blinks on and off with anything after 3.15 (sigh).
Bottom line, use multiversion to keep your current kernel when you try the new. If you have any problem, just select advanced options on the boot screen and choose your old-kernel, simple as that.
--
David C. Rankin, J.D.,P.E.

David C. Rankin composed on 2016-09-11 17:34 (UTC-0500):
> The only 'surprises' I've found with later kernels is they no longer work with my laptop video card, e.g. my trusty
> [AMD/ATI] RS690M [Radeon Xpress 1200/1250/1270]
> the screen blinks on and off with anything after 3.15 (sigh).
Quick and easy test on 42.1, 42.2 or TW, if you first find ample RADEON(0) lines in Xorg.0.log:
# zypper rm xf86-video-ati
then restart Xorg. That might/(should?) switch to the modesetting driver built into Xorg since server 1.17.x, which could possibly work better than radeon ever did. I don't remember ATM whether I tried this with ATI older than 5450HD, with which modesetting works nicely here.
If you're still on 13.1 or 13.2, updating Xorg to repositories/X11:/XOrg should put you in the same place.
cf. http://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-Debian-Abandon-Int...
--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/

participants (7)
- Anton Aylward
- Carlos E. R.
- Daniel Bauer
- David C. Rankin
- Felix Miata
- Marcus Meissner
- Markus Egg