Kernel Vulnerable?


Post by Gordon Cooper » Mon Jun 17, 2019 7:30 pm

This appeared on the local LUG forum with the comment that it affects other Linux versions too.

https://www.suse.com/de-de/support/kb/doc/?id=7023928
Backup: Dell9010, MX-18.2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.


Post by colin_b » Mon Jun 17, 2019 8:05 pm

https://www.bleepingcomputer.com/news/s ... y-netflix/
The SACK Panic vulnerability (Debian, Red Hat, Ubuntu, Suse, AWS) impacts Linux kernels 2.6.29 and later, and it can be exploited by "sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS" which will trigger an integer overflow.

To fix the issue, "Apply the patch PATCH_net_1_4.patch. Additionally, versions of the Linux kernel up to, and including, 4.14 require a second patch PATCH_net_1a.patch," says Netflix Information Security's advisory.

To mitigate the issue, users and administrators can completely disable SACK processing on the system (by setting /proc/sys/net/ipv4/tcp_sack to 0) or block connections with a low MSS using the filters provided by Netflix Information Security HERE — the second mitigation measure will only be effective when TCP probing is also disabled.
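
Added example (not part of colin_b's post or of the Netflix advisory): a shell check that reports which of the two mitigations quoted above is actually in effect. It assumes "TCP probing" means the `net.ipv4.tcp_mtu_probing` sysctl and that the firewall rules are supplied as saved `iptables -S` output; the function names and the sample state are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the two quoted SACK Panic mitigations is active.
# Assumption: "TCP probing" in the quote is the net.ipv4.tcp_mtu_probing sysctl.

# read_sysctl PROC_ROOT NAME -> value of net.ipv4.NAME, or "unknown" if unreadable
read_sysctl() {
    cat "$1/sys/net/ipv4/$2" 2>/dev/null || echo unknown
}

# has_low_mss_drop RULES_FILE -> success if the saved ruleset (iptables -S format)
# contains a DROP rule using the tcpmss match. The MSS range itself is not judged.
has_low_mss_drop() {
    grep -Eq -e '-m tcpmss --mss [0-9:]+ .*-j DROP' "$1" 2>/dev/null
}

# sack_mitigation_status PROC_ROOT RULES_FILE -> one-line verdict on stdout
sack_mitigation_status() {
    sack=$(read_sysctl "$1" tcp_sack)
    probing=$(read_sysctl "$1" tcp_mtu_probing)
    if [ "$sack" = 0 ]; then
        echo "mitigated: SACK processing disabled (tcp_sack=0)"
    elif has_low_mss_drop "$2"; then
        if [ "$probing" = 0 ]; then
            echo "mitigated: low-MSS filter present, tcp_mtu_probing=0"
        else
            # The filter only helps once MTU probing is off as well.
            echo "ineffective: low-MSS filter present but tcp_mtu_probing=$probing"
        fi
    else
        echo "unmitigated: tcp_sack=$sack, no low-MSS filter"
    fi
}

# Constructed sample state (not read from a real host): SACK on, filter loaded,
# MTU probing still enabled, so the filter alone does not help.
demo=$(mktemp -d)
mkdir -p "$demo/sys/net/ipv4"
echo 1 > "$demo/sys/net/ipv4/tcp_sack"
echo 1 > "$demo/sys/net/ipv4/tcp_mtu_probing"
echo '-A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP' > "$demo/rules"
sack_mitigation_status "$demo" "$demo/rules"
rm -rf "$demo"
```

On a real host, save the output of `iptables -S` to a file as root and call `sack_mitigation_status /proc` with that file as the second argument.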


Post by timkb4cq » Mon Jun 17, 2019 8:18 pm

The Debian 4.9 kernel has already been patched. So far the 4.19 has not been. I'm pretty sure that will happen soon & Stevo will build it for the repos.

At least it's not a "run random code" bug, it can just slow down or crash a system.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB


Post by Stevo » Mon Jun 17, 2019 9:40 pm

All four Netflix patches applied cleanly to the MX 4.19.37 kernel to take care of the severe and the two moderate CVEs that Netflix disclosed, so they are rebuilding now.


Post by Gordon Cooper » Mon Jun 17, 2019 9:48 pm

Thank you.
