View Issue Details

IDProjectCategoryView StatusLast Update
0016226Xen4[All Projects] generalpublic2019-07-01 22:24
ReporterMaartenX 
PriorityurgentSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0016226: Latest Xen kernel 4.9.177 is vulnerable to TCP SACK vulnerability
DescriptionThe most recent kernel published at http://mirror.centos.org/centos/7/virt/x86_64/xen-412/ is vulnerable to the TCP SACK vulnerability and needs to be upgraded to at least 4.9.182 or needs to be patched to fix the vulnerability.

Additional Informationhttps://isc.sans.edu/forums/diary/What+You+Need+To+Know+About+TCP+SACK+Panic/25046/
https://cbs.centos.org/koji/buildinfo?buildID=26086
Tagskernel-xen, security, xen, Xen4CentOS

Activities

MaartenX

MaartenX

2019-07-01 22:24

reporter   ~0034757

https://cbs.centos.org/koji/buildinfo?buildID=26283 seems to be in testing

Issue History

Date Modified Username Field Change
2019-06-29 16:49 MaartenX New Issue
2019-06-29 16:49 MaartenX Tag Attached: kernel-xen
2019-06-29 16:49 MaartenX Tag Attached: security
2019-06-29 16:49 MaartenX Tag Attached: xen
2019-06-29 16:49 MaartenX Tag Attached: Xen4CentOS
2019-06-29 17:29 TrevorH Project CentOS-7 => Xen4
2019-06-29 17:29 TrevorH Category kernel => general
2019-07-01 22:24 MaartenX Note Added: 0034757