Those of you who wrangle multiple operating systems are no doubt aware of CVE-2018-5390, which was un-embargoed in the last couple of days.
Its main emphasis is on the vulnerability of certain Linux kernels in the 4.9 release to DoS attack via a computationally expensive TCP reassembly implementation.

Unfortunately US-CERT were less specific on the messaging than they could have been - apparently all versions of Linux (and it seems BSD) are vulnerable, though the impact became more severe after 4.9.

Given the vulnerability of two systems with such diverse DNA as Linux and BSD, I have to wonder if this is something that might affect our community too. Stack developers have historically talked to each other, shared ideas, etc.

Did we have early notification? (This has been a problem in the past.)

Are we good?

Thanks,
-r

References:

NCSC-FI: https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-014.html
Mitre CVE database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390
Arista: https://www.arista.com/en/support/advisories-notices/security-advisories/5721-security-advisory-36
Juniper: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10876&actp=SUBSCRIPTION
FreeBSD: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc

-------------------------------------------
smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now
