Linux vulnerability

Started by yankeedoodle, August 11, 2016, 12:55:22 PM

Previous topic - Next topic

yankeedoodle


rmstock

#1
From : LWN.net :

[$] The TCP "challenge ACK" side channel
[Security] Posted Aug 10, 2016 21:14 UTC (Wed) by jake
http://lwn.net/Articles/696868/  (in 7 days anyone can view, for now payperview)
  "Side-channel attacks against various kinds of protocols (typically
   networking or cryptographic) are both dangerous and often hard for
   developers and reviewers to spot. They are generally passive attacks,
   which makes them hard to detect as well. A recent paper [PDF] describes
   in detail one such attack against the kernel's TCP networking stack;
   the bug (CVE-2016-5696) has existed since Linux 3.6, which was released
   in 2012. Ironically, the bug was introduced because Linux has
   implemented a countermeasure against another type of attack.

   Full Story (comments: 5) "


To me personnally kernel 3.6 is brandnew. I run a couple of boxes on kernel 2.6.32 and
higher (2.6.39) and a webwerver on kernel 3.2 ... Ubuntu 14.04 and 16.04 all have a
kernel version higher as 3.6 ( 3.19.0 for Ubuntu 14.04  and 4.4.0 for Ubuntu 16.04) .
I have to admit i was running/booting these Ubuntu machines on a need to run basis ...
because after a while these machines tend to become a bit sluggish.

``I hope that the fair, and, I may say certain prospects of success will not induce us to relax.''
-- Lieutenant General George Washington, commander-in-chief to
   Major General Israel Putnam,
   Head-Quarters, Valley Forge, 5 May, 1778