Hi folks,
Just now one of the more severe security issues of this year has been
published.
A remote attacker able to make TCP connections to a Linux machine can
crash this machine, regardless of the service running.
The codename is “SACK Panic” / CVE-2019-11477.
There are two more issues in the block, but these are less severe
(just causing higher memory, compute time or bandwith usage.)
– CVE-2019-11478: SACK Slowness or Excess Resource Usage
– CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values
All SUSE Linux and openSUSE versions are affected, and we are just
releasing all SLE update kernels, and building openSUSE kernels.
There are workarounds, you can disable “SACK” in the system itself
for the first 2 issues, and adding Firewall filtering for low MSS values,
either on the machine or on a firewall in the path.
SUSE TID: https://www.suse.com/de-de/support/kb/doc/?id=7023928
Blog: https://www.suse.com/c/suse-address-the-sack-panic-tcp-remote-denial-of-service-attacks/
openSUSE Leap kernels are building right now (as they had to wait for
Embargo End) and will be released tomorrow.
Ciao, Marcus
—–BEGIN PGP SIGNATURE—–
iQIVAwUBXQffqyIJ1pAvlpyVAQpOmQ//UWQVSsGzT5Odeg3lZtIR4qK1t9+jp2lM
nmSce44I5esyc8G7tCIZno/8tiCT8IbtFlnrVgpD+o/Z+D7r7eDHd5L0vz68Thz9
03Zz+HhDCgjlYHAdvFSb9QL4WqWnA9L8ZG1ysZGb80kbQjtz9RvLc7BCaa5DNyR0
3w3ufkJBCW1BZZhc14DthXl5ceYswYbjMNnlJ4Q+qyniaKnp8/MX6StGynLsLv4d
6tEGrlgfLKnJoceUjJvTwHZUuLoPWIbvqxAMsiyi7lBbhrswDhtHnCpBIolTbJ1i
uR7zl/KfIEfY3DEHmSLPF/yKzDlN1TfFIpaJ0ONfjvmu5EbiCz9JiN14bq/gCIMQ
AqmS+CRu9b/YJA/HTGp4/g8fwtrzBr9RHHIBGeRgj/xfUVnO3kcEnK7ypY5zT9k6
Ly3r3srtqIVvA1AzXxVcWKohFMpLNLxj0a0J59IhBs5x2nSiPAmQ6Bw55CTtaI6v
DGUqtd0gBAmWSnbux7nBojsd0FLrP2c4H/R2EYM9JCU4B2h2XnTdWT/1NjTHTJVR
sBVbtI4nEyKWe5J1UkknfUx5VizXUUzvEGA31JT7aIKEi382uwbEsev62zCx+UR0
JzZbCgvOAXzCqC5AsF7OUOzfWWfMt7IUQWV0wf3TfOnyzEH645SMuYgRXb3Fbmmu
Cm2kHXS345U=
=k2/v
—–END PGP SIGNATURE—–