CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws
The Red Hat Enterprise Linux and CentOS Linux operating systems have received new Linux kernel security updates that are marked as important and address the recently disclosed TCP vulnerabilities affecting all GNU/Linux distributions.
The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value.
“While processing SACK segments, the Linux kernel’s socket buffer (SKB) data structure becomes fragmented,” reads Red Hat’s security advisory. “Each fragment is about TCP maximum segment size (MSS) byt… (read more)