[LU-8513] kernel update [RHEL7.2 3.10.0-327.28.3.el7] - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.9.0
Affects Version/s: None
Labels:
None

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel's networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate TCP connection and/or inject payload into non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)

Bugs fixed (https://bugzilla.redhat.com/):

1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure.

Attachments

Activity

People

Assignee:: Bob Glossman (Inactive)

Reporter:: Bob Glossman (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Aug/16 4:25 PM

Updated:: 06/Dec/16 3:25 PM

Resolved:: 06/Dec/16 3:25 PM