Linux high profile TCP vulnerability
https://ucrtoday.ucr.edu/39030
Way beyond my paygrade but sounds serious, There is a proposed workaround.
Bleh, apparently there is a typo in the workaround, it's supposed to be net.ipv4.tcp_challenge_ack_limit = 999999999
(i.e. missing the / at the beginning)
EDIT: They fixed the workaround so so ignore this post. Not this thread though!
This looks pretty serious. You can track the status of the Debian packages (which will flow downstream) here: https://security-tracker.debian.org/tracker/CVE-2016-5696. But until then, there's that workaround.
Impressive. Too bad this can be globally fixed only with the latest future Linux release.
But the workaround is definitely better than nothing.
This article provides a solution and explains the problem: http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications
Is Debian 7 with 3.2 kernel is vulnerable ?
I read that after 3.6 kernal but just in case i will add this pach to 3.2 debian.
And what about routers ?Many open-wrt routers use 3.10 and up
kernel is this pach is need for them?