On 08/10/2016 03:06 PM, Kevin Fenzi wrote:
On Wed, 10 Aug 2016 11:50:37 -0700
Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:
On 08/09/2016 10:44 PM, Rick Walker wrote:
I'm very skeptical.
Take a look at the pdf linked in the first message. The challenge
ack limit was intended to improve security, but created a
side-channel attack that could allow someone who doesn't control the
communication path to reset connections or insert data on
non-encrypted TCP connections. Until it's fixed, lifting the ACK
limit should reduce the risk.
This was fixed in july in Fedora kernels:
* Tue Jul 12 2016 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 4.6.4-201
- CVE-2016-5389 CVE-2016-5969 tcp challenge ack info leak (rhbz 1354708
1355615)
All the more reason to move off from F22, but first I have to wait until
they fix the desktop environment problem...
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
