Oracle Enterprise Linux Security Update for kernel (ELSA-2016-1664)

漏洞信息

Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 6

漏洞危害

net/ipv4/tcp_input.c in the Linux kernel does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

解决方案

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-1664: Oracle Linux 6