What to do about Denial of Service Vulnerability for Kernel version's 4.9+ ?
57 views
Skip to first unread message
Jeff Andich
Aug 7, 2018, 9:49:54 AM8/7/18
to BeagleBoard
Hello,
We got an email at work about the following advisories about a denial of service vulnerability in the TCP implementation in kernel versions 4.9 and greater:
There's a patch, called out in the above link, and the patch comments describe the issue and the current fix:
If we're running kernel version 4.9 or greater on our beaglebone/beagleboard products, what do you recommend we do?
Should we go ahead and apply the patch to every image we download from beagleboard.org with kernel 4.9 or greater if we're connecting our beagles on the internet and are concerned about the attack, or has the fix already be "rolled" into certain images?
Thanks!!!!
Jeff
Robert Nelson
Aug 7, 2018, 10:14:46 AM8/7/18
to Beagle Board, Jeff Andich
4.17.11
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.17.11&id=db11182a1e38e7149804962111622b15bd9aeff2
4.14.59
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.59&id=f3a5ba6310e11df370f6888ed716d1486896d983
Our update script already pulls in:
http://repos.rcn-ee.net/latest/stretch-armhf/LATEST-ti
ABI:1 LTS414 4.14.60-ti-r67
and
http://repos.rcn-ee.net/latest/stretch-armhf/LATEST-armv7
ABI:1 LTS414 4.14.60-armv7-x5
ABI:1 STABLE 4.17.12-armv7-x12
http://repos.rcn-ee.net/latest/stretch-armhf/LATEST-armv7-lpae
ABI:1 LTS414 4.14.60-armv7-lpae-x3
ABI:1 STABLE 4.17.12-armv7-lpae-x12
Regards,
--
Robert Nelson
https://rcn-ee.com/
Jeff Andich
Aug 7, 2018, 10:24:26 AM8/7/18
to BeagleBoard
Good to know!
Thanks!!
Jeff
Jeff Andich
Oct 22, 2018, 3:10:16 PM10/22/18
to BeagleBoard
Robert,
We need to stick with kernel version 4.9 as our WiFi driver (SI Labs WF111) currently only compiles for kernels up to 4.9. Compile breaks for kernel 4.14.69.
To apply the DoS patch to 4.9.82-ti-r102, is there an easier way than to apply a kernel patch, then to have to re-build the kernel from the patched kernel source?? For instance, is there a package which will apply the patch? We're trying to stick as close as possible to stock images, if at all possible, so that people less familiar with Linux can re-generate an image.
Also, if we need to re-build the kernel, the above links reference 2 patches with minor differences. Is there a specific version of the patch we need for kernel 4.9, or can we just apply the latest patch for 4.17.11?
Thanks in advance!!
Jeff
Robert Nelson
Oct 22, 2018, 3:24:58 PM10/22/18
to Beagle Board
On Mon, Oct 22, 2018 at 2:10 PM Jeff Andich <jeff....@gmail.com> wrote:
>
> Robert,
>
> We've got a BBB where we're running, bone-debian-9.3-console-armhf-2018-03-05-1gb.img. It has kernel 4.9.82-ti-r102.
>
> We need to stick with kernel version 4.9 as our WiFi driver (SI Labs WF111) currently only compiles for kernels up to 4.9. Compile breaks for kernel 4.14.69.
>
> To apply the DoS patch to 4.9.82-ti-r102, is there an easier way than to apply a kernel patch, then to have to re-build the kernel from the patched kernel source?? For instance, is there a package which will apply the patch? We're trying to stick as close as possible to stock images, if at all possible, so that people less familiar with Linux can re-generate an image.
>
> Also, if we need to re-build the kernel, the above links reference 2 patches with minor differences. Is there a specific version of the patch we need for kernel 4.9, or can we just apply the latest patch for 4.17.11?
>
> Thanks in advance!!
That patch got back-merged in v4.9.116
>
> Robert,
>
> We've got a BBB where we're running, bone-debian-9.3-console-armhf-2018-03-05-1gb.img. It has kernel 4.9.82-ti-r102.
>
> We need to stick with kernel version 4.9 as our WiFi driver (SI Labs WF111) currently only compiles for kernels up to 4.9. Compile breaks for kernel 4.14.69.
>
> To apply the DoS patch to 4.9.82-ti-r102, is there an easier way than to apply a kernel patch, then to have to re-build the kernel from the patched kernel source?? For instance, is there a package which will apply the patch? We're trying to stick as close as possible to stock images, if at all possible, so that people less familiar with Linux can re-generate an image.
>
> Also, if we need to re-build the kernel, the above links reference 2 patches with minor differences. Is there a specific version of the patch we need for kernel 4.9, or can we just apply the latest patch for 4.17.11?
>
> Thanks in advance!!
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=v4.9.116
My last v4.9.x build was: ABI:1 LTS49 4.9.105-ti-r114
I see ti has finally updated there repo:
http://git.ti.com/gitweb/?p=ti-linux-kernel/ti-linux-kernel.git;a=shortlog;h=refs/heads/ti-linux-4.9.y
RT is still stuck on: 4.9.115-rt93
https://mirrors.edge.kernel.org/pub/linux/kernel/projects/rt/4.9/
So give me a moment, let's see if i can update it..
Jeff Andich
Oct 22, 2018, 3:43:28 PM10/22/18
to BeagleBoard
Ok thanks a lot Robert!!!
Robert Nelson
Oct 22, 2018, 4:21:42 PM10/22/18
to Beagle Board
On Mon, Oct 22, 2018 at 2:43 PM Jeff Andich <jeff....@gmail.com> wrote:
>
> Ok thanks a lot Robert!!!
Okay, pushed.. 4.9.126-ti-r115
>
> Ok thanks a lot Robert!!!
no RT, too many changes for me to deal with..
Jeff Andich
Oct 22, 2018, 4:43:24 PM10/22/18
to BeagleBoard
Thanks a lot Robert!!!
Will fetch it, build it, deploy, and test on our image..
Regards,
Jeff
Reply all
Reply to author
Forward
0 new messages