[LU-8513] kernel update [RHEL7.2 3.10.0-327.28.3.el7] Created: 18/Aug/16  Updated: 06/Dec/16  Resolved: 06/Dec/16

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.9.0

Type: Bug Priority: Minor
Reporter: Bob Glossman (Inactive) Assignee: Bob Glossman (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
Severity: 3

 Description   

It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel's networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate a TCP connection and/or inject payload into a non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)

Bugs fixed (https://bugzilla.redhat.com/):

1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure.



 Comments   
Comment by Gerrit Updater [ 20/Aug/16 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/22049
Subject: LU-8513 kernel: kernel update RHEL7.2 [3.10.0-327.28.3.el7]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 80ae734d071af5c2f1b4418a46408e72d10a759e

Comment by Gerrit Updater [ 08/Sep/16 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/22049/
Subject: LU-8513 kernel: kernel update RHEL7.2 [3.10.0-327.28.3.el7]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 6c81fc1c38e2600bfc7c73185ff5d885df22f6b3

Comment by Joseph Gmitter (Inactive) [ 06/Dec/16 ]

Landed to master for 2.9.0
