Thanks to Jan Dennis Bungart for posting this on his Facebook page. CentOS has a kernel vulnerability which can be exploited to take the machine offline. To read the gory details:
CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
CVE-2019-11478: SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions)
CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values (all Linux versions)
If you want to take the time to download and run the detection script, you can do so at the following link:
I copied this script, created a file on the server named “detect.sh”, did chmod 755 and chmod +x on it, and then ran it. I did this on one system to see if I needed to do a reboot after the kernel patches were applied or not. You do need to do a reboot. After that, I just installed the updates on each machine and rebooted them.
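Because the patched kernel only takes effect after a reboot, it helps to confirm that each machine is running the newest kernel it has installed. The following is an added example, not the detection script mentioned above and not code from the original post; the function name and sample versions are constructed, and it assumes GNU `sort -V` orders kernel version strings the way RPM does.

```shell
#!/bin/sh
# Added example; function names and sample versions are constructed.
# Assumes GNU `sort -V`, which approximates RPM version ordering for
# kernel strings of the form VERSION-RELEASE.ARCH.

# reboot_needed RUNNING
#   stdin: installed kernel versions, one per line
#   prints "yes" if an installed kernel is newer than RUNNING, else "no"
reboot_needed() {
    running=$1
    # Add the running kernel to the list so an empty list yields "no",
    # drop blank lines, and take the highest version.
    newest=$( { cat; printf '\n%s\n' "$running"; } \
              | grep -v '^$' | sort -V | tail -n 1 )
    if [ "$newest" = "$running" ]; then
        echo no
    else
        echo yes
    fi
}

# Constructed sample of installed kernels (not real package versions).
# A plain lexical sort would wrongly rank 100.5.2 above 100.12.1.
SAMPLE_INSTALLED='3.10.0-100.1.1.el7.x86_64
3.10.0-100.12.1.el7.x86_64
3.10.0-100.5.2.el7.x86_64'

# Host updated but not yet rebooted: still running the 100.5.2 kernel.
printf '%s\n' "$SAMPLE_INSTALLED" | reboot_needed '3.10.0-100.5.2.el7.x86_64'

# On a live CentOS host the same check would be:
#   rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' \
#       | reboot_needed "$(uname -r)"
```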