CloudLinux OS Blog - Don’t panic about TCP SACK PANIC—we’re working on it
CloudLinux OS Blog

Featured 

Don’t panic about TCP SACK PANIC—we’re working on it

panic

Recently, TCP networking vulnerabilities have been discovered in FreeBSD and Linux kernels by Netflix.

There are three flaws, one of them is rated by severity as Important (CVE-2019-11477), and two as Moderate (CVE-2019-11478 and CVE-2019-11479).

What is the problem?

The flaws use the Maximum Segment Size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most dangerous—TCP SACK PANIC allows a remote attacker to trigger kernel panic on Linux kernels. You can find the detail description here.

When the CloudLinux OS 6 & 7 kernels will be patched?

We are going to release patches with the fix for TCP SACK PANIC vulnerabilities for CloudLinux OS 6 & 7 to Beta tomorrow, to Stable upcoming Monday.

How to mitigate?

Red Hat specialists propose two mitigation options for CVE-2019-11477 and CVE-2019-11478 flaws: ”disable the vulnerable component, or use iptables to drop connections with an MSS size”. You can find the details here (Resolve tab, Mitigation section).

Sources

Modern UI and improved usability: now the updated...
EasyApache 4 updated
 

Comments 5

Guest - Ryan Smith on Thursday, 20 June 2019 16:15

KernelCare eta?

KernelCare eta?
Ivan Zhmud on Thursday, 20 June 2019 16:55

Hello Ryan.
It will be in 2-3 working days.
Follow please for our updates https://www.kernelcare.com/blog/

Hello Ryan. It will be in 2-3 working days. Follow please for our updates https://www.kernelcare.com/blog/
Guest - Paul Roche on Thursday, 20 June 2019 19:10

Cloudlinux 7 Hybrid?

Cloudlinux 7 Hybrid?
Inessa Atmachian on Thursday, 20 June 2019 19:26

Hi Paul, we are going to release the kernel with the fix for CloudLinux 7 Hybrid in the next week.

Hi Paul, we are going to release the kernel with the fix for CloudLinux 7 Hybrid in the next week.
Guest - Paul Roche on Thursday, 20 June 2019 20:01

Thanks Inessa,
Good to know all is in hand.

Thanks Inessa, Good to know all is in hand.
Already Registered? Login Here
Guest
Monday, 22 July 2019

Captcha Image