On Monday, Netflix disclosed three TCP networking vulnerabilities in the Linux kernel, the most severe of which could allow an attacker to crash a Linux system remotely, causing a denial of service.
They’re related to TCP selective acknowledgement packets and TCP maximum segment sizes and have been assigned the CVE identifiers CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479.
These bugs affect anyone running Linux-based systems. As a preventative measure, we have rolled out an update to our distributed firewall system to block attempts to trigger the crash, so all customer services are currently protected from this vulnerability, including Cloud Load Balancers, Cloud SQL instances and the Orbit storage system.
Updated kernels with fixes are available for all current major Linux distributions and we still recommend that Brightbox customers update and reboot their systems as necessary.
We’re also updating all managed customer systems with the updated kernels and will be scheduling reboots.