Description: Linux Kernel TCP implementation vulnerable to Denial of Service
References:
 https://www.kb.cert.org/vuls/id/962459
 https://twitter.com/grsecurity/status/1021536610855333888
 https://patchwork.ozlabs.org/cover/947860/
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
Notes:
 carnil> Addressed in 4.14.59, 4.9.116, 4.17.11
 carnil> There is a second issue which is not fixed here.
Bugs:
upstream: released (4.18-rc7) [72cd43ba64fc172a443410ce01645895850844c8, f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7, 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf, 8541b21e781a22dce52a74fef0b9bed00404a1cd, 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c]
4.9-upstream-stable: released (4.9.116) [2d08921c8da26bdce3d8848ef6f32068f594d7d4, fdf258ed5dd85b57cf0e0e66500be98d38d42d02, a878681484a0992ee3dfbd7826439951f9f82a69, 94623c7463f3424776408df2733012c42b52395a]
3.16-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (4.17.14-1)
4.9-stretch-security: released (4.9.110-3+deb9u1) [bugfix/all/tcp-free-batches-of-packets-in-tcp_prune_ofo_queue.patch, bugfix/all/tcp-avoid-collapses-in-tcp_prune_queue-if-possible.patch, bugfix/all/tcp-detect-malicious-patterns-in-tcp_collapse_ofo_qu.patch, bugfix/all/tcp-call-tcp_drop-from-tcp_data_queue_ofo.patch]
3.16-jessie-security: N/A "Vulnerable code introduced later"