Zero-day emergency security patching for most fully managed Linux servers

20 Jun 2019

-- This message applies only if you have a dedicated Linux server or a cloud Linux server. --

A vulnerability has been discovered in the networking stack of Linux servers running kernel 2.6.29 or newer. It allows network denial-of-service of varying severity by leveraging TCP "Selective Acknowledgment" (SACK).

Because the vulnerability requires absolutely no authentication, it could be used to deny networking indefinitely to any Linux server using an unpatched kernel released in the last 10 years.

Due to the ease and impact of exploitation, we have patched and rebooted all affected fully-managed hosts.

You can read more about the exploit (and the patches mitigating it) here: https://www.openwall.com/lists/oss-security/2019/06/17/5 and here: https://access.redhat.com/security/vulnerabilities/tcpsack

If you have an unmanaged server, please refer to the links above to patch your server.
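
For unmanaged servers, a quick triage check, added here as an example and not part of the original notice: it tests whether the running kernel falls in the 2.6.29-or-newer range named above and reports whether TCP SACK is currently enabled. The function names are hypothetical, and the script cannot confirm that a kernel is patched, because distributions backport fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example: triage helper for the kernel range named in this notice.
# It does not prove a host is patched; confirm against the vendor advisory.

# kernel_in_range VERSION -> returns 0 if VERSION >= 2.6.29, non-zero otherwise.
kernel_in_range() {
    # Keep the leading numeric part: "3.10.0-957.el7.x86_64" -> "3.10.0"
    ver=$(printf '%s' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    case "$ver" in
        [0-9]*) ;;
        *) return 2 ;;          # not a parseable version string
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                  # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 6 ] && return 0
    [ "$minor" -lt 6 ] && return 1
    [ "$patch" -ge 29 ]
}

# sack_state [FILE] -> prints "enabled", "disabled" or "unknown".
# FILE defaults to the runtime SACK toggle (sysctl net.ipv4.tcp_sack).
sack_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_sack}
    if [ -r "$f" ]; then
        case "$(cat "$f")" in
            1) echo enabled ;;
            0) echo disabled ;;
            *) echo unknown ;;
        esac
    else
        echo unknown
    fi
}

# sack_report [RELEASE] -> prints a two-line summary for this host.
sack_report() {
    rel=${1:-$(uname -r)}
    if kernel_in_range "$rel"; then
        echo "kernel $rel: in the 2.6.29-or-newer range; verify the vendor patch level"
    else
        echo "kernel $rel: older than 2.6.29 or not parseable"
    fi
    echo "TCP SACK: $(sack_state)"
}

sack_report
```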