(SOLVED) Important vulnerability all linux CVE-2019-11477: SACK Panic (Linux >= 2.6.29)

#1

Post by igr4free » 18 Jun 2019 08:18

Hello, I received this notice from my work safety partner.

I didn't know where to place it in the forum, and I think it's important :)

https://www.openwall.com/lists/oss-secu ... 19/06/17/5

Subject: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of
service issues

Netflix has identified several TCP networking vulnerabilities in FreeBSD
and Linux kernels.

The vulnerabilities specifically relate to the minimum segment size (MSS)
and TCP Selective Acknowledgement (SACK) capabilities. The most serious,
dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent
Linux kernels.

There are patches that address most of these vulnerabilities. If patches
can not be applied, certain mitigations will be effective. We recommend
that affected parties enact one of those described below, based on their
environment.
XigmaNAS version 12.0.0.4.6881 - Reticulus RootOnZFS (mirror disk)
HPE Proliant Microserver Gen8 / CPU: E3-1265L V2 @ 2.50GHz / Mem: 16GB DDR3 ECC / Storage: IBM ServerRaid m1015, 4x 1TB HITACHI RaidZ1, 2x 1TB HITACHI Stripe, OS Disk: 2x 80GB INTEL SSD

#2

Post by zoon01 » 19 Jun 2019 22:19

Thanks for reporting; it seems the valid vulnerability CVE-2019-5599 affects FreeBSD 12.0 and XigmaNAS 12.0.0.4.6743 and lower rev numbers!
This evening we have already patched FreeBSD 12.0 to p6 on our end, and today users will also be able to download our new releases to be safe!
System specs: XigmaNAS 11.2.0.4 -embedded on Samsung 860 EVO 256GB and Supermicro X10SL7-F w / Bios v3.2, IPMI v.03.84 / CPU E3-1241 v3 @ 3.50GHz - 32GB Crucial DDR3L 1600mhz ECC 1.35v , LSI 2308 on PH20.00.07.00 IT mode, Storage: 5x Western Digital Red (WD30EFRX) raidz

Development system is same system in virtualbox.

#3

Post by mbze430 » 20 Jun 2019 00:24

Since this also affects FreeBSD 11.x, will you update 11.x?
NAS #1 - 11.2.0.4 - Omnius (revision 6625) - SuperMicro X10SL7-F w/ 24GB ECC - LSI SAS 9207-16i - 2x RAIDZ1 (10x3TB) Pools and 1x (2x4TB) Stripe Pool
NAS #2 - 11.2.0.4 - Omnius (revision 6625) - SuperMicro X10SLM-F w/32GB ECC - LSI SAS 9207-8i (RAID10) - IBM M1015-IT Mode (RAID10)

#4

Post by zoon01 » 20 Jun 2019 02:57

mbze430 wrote (20 Jun 2019 00:24): "Since this also affects FreeBSD 11.x, will you update 11.x?"

This is not a problem at all for FreeBSD 11.x versions!

CVE Name: CVE-2019-5599
Affects: FreeBSD 12.0 and later, please read: FreeBSD-SA-19:08.rack.asc

#5

Post by mbze430 » 20 Jun 2019 03:44

zoon01 wrote (19 Jun 2019 22:19): "Thanks for reporting; it seems the valid vulnerability CVE-2019-5599 affects FreeBSD 12.0 and XigmaNAS 12.0.0.4.6743 and lower rev numbers! This evening we have already patched FreeBSD 12.0 to p6 on our end, and today users will also be able to download our new releases to be safe!"

Thanks for clearing that up.

#6

Post by igr4free » 20 Jun 2019 21:08

:mrgreen:

Thanks!!!