[arch-general] CVE-2019-11477 (/proc/sys/net/ipv4/tcp_sack)
David C. Rankin
drankinatty at suddenlinkmail.com
Fri Jun 21 06:25:12 UTC 2019
After 5.12.1, is there any further mitigation needed for:

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477

related:

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479

Suggested work-around:

  echo 0 > /proc/sys/net/ipv4/tcp_sack

or

  iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP

Is either needed after the latest kernel, or is this resolved?

--
David C. Rankin, J.D.,P.E.
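
A read-only check of whether either workaround quoted in the message above is currently active, as an added example that is not part of the original post. The function names and the sample ruleset are constructed for illustration, and the rule match assumes the `iptables -S` / `iptables-save` output format.

```shell
#!/bin/sh
# Added example: audit the two workarounds quoted in the post without changing anything.

# sack_state VALUE -> prints disabled / enabled / unknown for a tcp_sack sysctl value.
sack_state() {
    case "$(printf '%s' "$1" | tr -d '[:space:]')" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# low_mss_drop_present RULES -> succeeds if RULES holds an INPUT rule equivalent to
#   iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
low_mss_drop_present() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" {
            tcp = mss = drop = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                # a negated match ("! --mss 1:500") does not count
                if ($i == "--mss" && $(i+1) == "1:500" && $(i-1) != "!") mss = 1
                if ($i == "-j" && $(i+1) == "DROP") drop = 1
            }
            if (tcp && mss && drop) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# report SACK_VALUE RULES -> one summary line.
report() {
    if low_mss_drop_present "$2"; then f=present; else f=absent; fi
    printf 'tcp_sack=%s low_mss_drop=%s\n' "$(sack_state "$1")" "$f"
}

# Constructed sample ruleset (not captured from a real host).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP'
report 1 "$SAMPLE_RULES"

# Pass --live to inspect the running system (iptables -S needs root).
if [ "${1:-}" = "--live" ]; then
    live_sack=$(cat /proc/sys/net/ipv4/tcp_sack 2>/dev/null || echo unknown)
    live_rules=$(iptables -S INPUT 2>/dev/null || true)
    report "$live_sack" "$live_rules"
fi
```

Neither a value written to /proc nor a rule added with `iptables -A` persists across a reboot, so the check is worth repeating after one.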