Zero-day emergency security patching for most fully managed Linux servers
-- This message applies only if you have a dedicated Linux server or a cloud Linux server. --
A vulnerability has been discovered in the networking stack of Linux servers running kernel 2.6.29 or newer. It allows network denial-of-service of varying severity by leveraging TCP "Selective Acknowledgment" (SACK).
Because the vulnerability requires absolutely no authentication, it could be used to deny networking indefinitely to any Linux server using an unpatched kernel released in the last 10 years.
Because of the ease and the impact of exploitation, we have patched and rebooted all affected fully managed hosts.
You can read more about the exploit (and the patches mitigating it) here: https://www.openwall.com/lists/oss-security/2019/06/17/5 and here: https://access.redhat.com/security/vulnerabilities/tcpsack
If you have an unmanaged server, please refer to the links above to patch your server.
Thursday, June 20, 2019