After upgrading Ubuntu 16.04 kernel to linux-image-4.4.0-151-generic some of our clients stopped being able to connect with TCP. Specifically using SSH.NET library from Windows servers with SFTP service provided by CrushFTP.
We had to rollback the upgrade, but the issues fixed in this kernel version look very serious (CVE-2019-11477, CVE-2019-11478 {SACK Panic}, CVE-2019-11479):
Version: 4.4.0-151.178 2019-06-19 13:11:04 UTC
linux (4.4.0-151.178) xenial; urgency=medium
* Remote denial of service (system crash) caused by integer overflow in TCP
SACK handling (LP: #1831637)
- SAUCE: tcp: limit payload size of sacked skbs
- SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
* Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
manipulation (LP: #1831638)
- SAUCE: tcp: tcp_fragment() should apply sane memory limits
-- Stefan Bader <email address hidden> Tue, 11 Jun 2019 09:36:19 +0200
Do you know and can share any links for more information about similar problems experienced after upgrade to this specific Ubuntu kernel?
0 Answers