This appeared on the local LUG forum with the comment that it affects other Linux versions too.
https://www.suse.com/de-de/support/kb/doc/?id=7023928
Kernel Vunerable?
- Gordon Cooper
- Posts: 965
- Joined: Mon Nov 21, 2011 5:50 pm
Kernel Vunerable?
Backup: Dell9010, MX-19_B2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.
Re: Kernel Vunerable?
https://www.bleepingcomputer.com/news/s ... y-netflix/
The SACK Panic vulnerability (Debian, Red Hat, Ubuntu, Suse, AWS) impacts Linux kernels 2.6.29 and later, and it can be exploited by "sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS" which will trigger an integer overflow.
To fix the issue, "Apply the patch PATCH_net_1_4.patch. Additionally, versions of the Linux kernel up to, and including, 4.14 require a second patch PATCH_net_1a.patch," says Netflix Information Security's advisory.
To mitigate the issue, users and administrator can completely disable SACK processing on the system (by setting /proc/sys/net/ipv4/tcp_sack to 0) or block connections with a low MSS using the filters provided by Netflix Information Security HERE — the second mitigation measure will only be effective when TCP probing is also disabled.
Re: Kernel Vunerable?
The debian 4.9 kernel has already been patched. So far the 4.19 has not been. I'm pretty sure that will happen soon & Stevo will build it for the repos.
At least it's not a "run random code" bug, it can just slow down or crash a system.
At least it's not a "run random code" bug, it can just slow down or crash a system.
HP Pavillion TP01, AMD Ryzen 3 5300G (quad core), Crucial 500GB SSD, Toshiba 6TB 7200rpm
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB
Re: Kernel Vunerable?
All four Netflix patches applied cleanly to the MX 4.19.37 kernel to take care of the severe and the two moderate CVEs that Netflix disclosed, so they are rebuilding now.
- Gordon Cooper
- Posts: 965
- Joined: Mon Nov 21, 2011 5:50 pm
Re: Kernel Vunerable?
Thank you.
Backup: Dell9010, MX-19_B2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.