On Wed, 10 Aug 2016 11:50:37 -0700
Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:

> On 08/09/2016 10:44 PM, Rick Walker wrote:
> > I'm very skeptical.
>
> Take a look at the pdf linked in the first message. The challenge
> ack limit was intended to improve security, but created a
> side-channel attack that could allow someone who doesn't control the
> communication path to reset connections or insert data on
> non-encrypted TCP connections. Until it's fixed, lifting the ACK
> limit should reduce the risk.

This was fixed in July in Fedora kernels:

* Tue Jul 12 2016 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 4.6.4-201
- CVE-2016-5389 CVE-2016-5969 tcp challenge ack info leak (rhbz 1354708 1355615)

kevin