
Linux Kernel TCP Vulnerability - QUFB
https://blogs.akamai.com/2018/08/linux-kernel-tcp-vulnerability.html
======
jontro
Here is some more info about the vulnerability from the ubuntu log
[https://people.canonical.com/~ubuntu-
security/cve/2018/CVE-2...](https://people.canonical.com/~ubuntu-
security/cve/2018/CVE-2018-5390.html)

------
exrook
Links to relevant kernel commits:

    
    
        | Introduced    | Fixed                      |
        |===============|============================|
        | 36a6503f [3]  |  72cd43ba [0]              |
        | 1da177e4 [4]  |  f4a3313d [1], 3d4bf93a [2]|
    

Looking at the git tags, it looks like commit 36a6503f was introduced in
kernel v4.9-rc1, while 1da177e4 is the first commit in the kernel git repo,
for kernel 2.6-rc2.

[0]
[https://git.kernel.org/linus/72cd43ba64fc172a443410ce0164589...](https://git.kernel.org/linus/72cd43ba64fc172a443410ce01645895850844c8)

[1]
[https://git.kernel.org/linus/f4a3313d8e2ca9fd8d8f45e40a2903b...](https://git.kernel.org/linus/f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7)

[2]
[https://git.kernel.org/linus/3d4bf93ac12003f9b8e1e2de37fe279...](https://git.kernel.org/linus/3d4bf93ac12003f9b8e1e2de37fe27983deebdcf)

[3]
[https://git.kernel.org/linus/36a6503feddadbbad415fb3891e80f9...](https://git.kernel.org/linus/36a6503feddadbbad415fb3891e80f94c10a9b21)

[4]
[https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1f...](https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2)

------
joe_hills
RedHat states RHEL6 and RHEL7 also affected. Mitigation patches are currently
forthcoming.

[https://access.redhat.com/articles/3553061](https://access.redhat.com/articles/3553061)

------
mohamedmansour
More info
[https://www.kb.cert.org/vuls/id/962459](https://www.kb.cert.org/vuls/id/962459)

------
modells
Seems like another good, DiD reason to sanitize external traffic using network
gear or a secondary os transparent proxy/router like one of the 3 BSD’s.

~~~
pastage
What is DiD?

~~~
jlgaddis
"Defense in depth" [0]

[0]:
[https://en.m.wikipedia.org/wiki/Defense_in_depth_(computing)](https://en.m.wikipedia.org/wiki/Defense_in_depth_\(computing\))

~~~
pastage
Thanks, it was a three letter acronym of the worst kind!

