Hi, On Thu, Aug 18, 2016 at 10:33:39PM +0000, mancha security wrote: > Hello. > > Recently Yue Cao et al. published findings related to a side-channel > vulnerability in Linux's RFC 5961 TCP challenge ACK implementation in > kernels 3.6+. > > They find the vulnerability can be leveraged by off-path attackers to > trigger connection terminations or data injection. [1] > > The attached backported mitigation for use with 3.10.x (applies cleanly > to 3.10.102) is based on Eric Dumazet's (& Linus Torvalds') mainline > patch. [2] > > I submit it for your consideration for inclusion in 3.10.103. > > Additionally, it is sufficiently self-contained so it likely can be used > with 3.12.x. That's very kind of you, but Chas Williams already provided us with this backport. I hope to be able to work on 3.10.103 this week-end. Thanks! Willy -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html