#StackBounty: #ubuntu #security #tcp Windows .NET application can't connect after Ubuntu 16.04 upgrade of linux-image to 4.4.0-151

Bounty: 200

After upgrading the Ubuntu 16.04 kernel to linux-image-4.4.0-151-generic, some of our clients stopped being able to connect over TCP, specifically those using the SSH.NET library from Windows servers with the SFTP service provided by CrushFTP.

We had to roll back the upgrade, but the issues fixed in this kernel version look very serious (CVE-2019-11477, CVE-2019-11478 {SACK Panic}, CVE-2019-11479):

Version: 4.4.0-151.178  2019-06-19 13:11:04 UTC

  linux (4.4.0-151.178) xenial; urgency=medium

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

 -- Stefan Bader <email address hidden> Tue, 11 Jun 2019 09:36:19 +0200

Do you know of, and can you share, any links with more information about similar problems experienced after upgrading to this specific Ubuntu kernel?
