---

CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws

The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value. Furthermore, the Linux kernel security update also fixes two other similar issues (CVE-2019-11478 and CVE-2019-11479), both discovered by Jonathan Looney in Linux kernel’s TCP retransmission queue implementation, which could allow a remote attacker to cause a denial of service that may lead to excessive resource consumption and a system crash.