21 Jun
2019
21 Jun
'19
8:25 a.m.
After 5.12.1 is there any further mitigation needed for: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477 related: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479 Suggested work-around: echo 0 > /proc/sys/net/ipv4/tcp_sack or iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP Are either needed after latest kernel, or is this resolved? -- David C. Rankin, J.D.,P.E.