kernel: backport upstream challenge ACK fix (CVE-2016-5696)
author Jo-Philipp Wich <jo@mein.io>
Sat, 13 Aug 2016 13:17:42 +0000 (15:17 +0200)
committer Jo-Philipp Wich <jo@mein.io>
Sat, 13 Aug 2016 14:23:23 +0000 (16:23 +0200)
commit 3c2c31bb66e5b247ffbb3cafac2a21d441daef39
tree 2edd869c7011775fa3f8cd6ecb93a075b95ae38c
parent cf8da98e947056848431502b03d006ee80b5f930

Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.

Backports upstream commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758
to the used LEDE kernel versions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
target/linux/generic/patches-3.18/096-tcp-make-challenge-acks-less-predictable.patch [new file with mode: 0644]
target/linux/generic/patches-4.1/096-tcp-make-challenge-acks-less-predictable.patch [new file with mode: 0644]
target/linux/generic/patches-4.4/096-tcp-make-challenge-acks-less-predictable.patch [new file with mode: 0644]