Patch your CentOS Machines now

Thanks to Jan Dennis Bungart for posting this on his Facebook page. CentOS has a kernel vulnerability that can be exploited to take the machine offline. To read the gory details:

https://access.redhat.com/security/vulnerabilities/tcpsack

CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
CVE-2019-11478: SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions)
CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values (all Linux versions)

If you want to take the time to download and run the detection script, you can do so at the following link:

https://access.redhat.com/sites/default/files/cve-2019-11477--2019-06-17-1629.sh

I copied this script, created a file on the server named “detect.sh”, did chmod 755 and chmod +x on it, and then ran it. I did this on one system to see if I needed to do a reboot after the kernel patches were applied or not. You do need to do a reboot. After that, I just installed the updates on each machine and rebooted them.
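
One way to confirm on each machine that the updated kernel is the one actually running after the update and reboot described above. This is an added example, not part of the original post or of Red Hat's detection script; the function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the running kernel older than the newest installed one?
# If so, the patched kernel is on disk but not active until a reboot.

# newest_kernel: read version strings on stdin, print the highest
# (sort -V does version-aware ordering, so 100.10 sorts after 100.9).
newest_kernel() {
    sort -V | tail -n 1
}

# reboot_needed RUNNING INSTALLED_LIST
# Returns 0 when some installed kernel sorts above RUNNING.
reboot_needed() {
    rn_top="$(printf '%s\n%s\n' "$1" "$2" | newest_kernel)"
    [ "$rn_top" != "$1" ]
}

# check_host: gather the real values on an RPM-based system such as CentOS.
check_host() {
    ch_running="$(uname -r)"
    ch_installed="$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')" || return 2
    if reboot_needed "$ch_running" "$ch_installed"; then
        echo "REBOOT NEEDED: running $ch_running, newest installed" \
             "$(printf '%s\n' "$ch_installed" | newest_kernel)"
    else
        echo "OK: running the newest installed kernel ($ch_running)"
    fi
}

# Constructed sample data (not the real fixed-kernel versions), used only
# when this is run on a machine without the RPM kernel package.
SAMPLE_INSTALLED='3.10.0-100.9.1.el7.x86_64
3.10.0-100.10.2.el7.x86_64
3.10.0-99.el7.x86_64'
SAMPLE_RUNNING='3.10.0-100.9.1.el7.x86_64'

if command -v rpm >/dev/null 2>&1 && rpm -q kernel >/dev/null 2>&1; then
    check_host || true
elif reboot_needed "$SAMPLE_RUNNING" "$SAMPLE_INSTALLED"; then
    echo "sample: reboot needed (running $SAMPLE_RUNNING)"
else
    echo "sample: up to date"
fi
```

This only tells you whether the newest installed kernel is active; whether that kernel contains the fix is what the detection script and the Red Hat advisory answer.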