stephane
June 17, 2019, 9:42pm
kernels required this patch
# Advisory
###### ID: NFLX-2019-001
###### Title: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities
###### Release Date: 2019-06-17
###### Severity: Critical
### Overview:
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.
The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “_SACK Panic_,” allows a remotely-triggered kernel panic on recent Linux kernels.
There are patches that address most of these vulnerabilities. If patches cannot be applied, certain mitigations will be effective. We recommend that affected parties enact one of those described below, based on their environment.
### Details:
#### 1: [CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477): SACK Panic (Linux >= 2.6.29)
Hi.
Thanks for info.
The patch you are writing about is now available in kernel 5.1.11. We released it at night for Cooker.
If everything works as it should, it will appear soon in other releases like stable Lx4.0.