Mailinglist Archive: opensuse-security-announce (93 mails)

< Previous Next >
[security-announce] A new high severity kernel security issue was published
Hi folks,

Just now one of the more severe security issues of this year has been
published.

A remote attacker able to make TCP connections to a Linux machine can
crash this machine, regardless of the service running.

The codename is "SACK Panic" / CVE-2019-11477.

There are two more issues in the block, but these are less severe
(just causing higher memory, compute time or bandwith usage.)

- CVE-2019-11478: SACK Slowness or Excess Resource Usage
- CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values

All SUSE Linux and openSUSE versions are affected, and we are just
releasing all SLE update kernels, and building openSUSE kernels.

There are workarounds, you can disable "SACK" in the system itself
for the first 2 issues, and adding Firewall filtering for low MSS values,
either on the machine or on a firewall in the path.

SUSE TID: https://www.suse.com/de-de/support/kb/doc/?id=7023928
Blog:
https://www.suse.com/c/suse-address-the-sack-panic-tcp-remote-denial-of-service-attacks/

openSUSE Leap kernels are building right now (as they had to wait for
Embargo End) and will be released tomorrow.

Ciao, Marcus
< Previous Next >
This Thread
  • No further messages