We are constantly working to ensure that your website is protected to the fullest. When a new security vulnerability is discovered, we’ll spring into action and attempt to remedy the problem as quickly as possible. After all, we wholeheartedly understand how incredibly important your website is to you. Just recently, a lot of people have been worried about the TCP SACK Panic. The flaw impacts Linux machines. As you already know, we utilize CloudLinux. The good news is that your website is safe. We have solved and patched the vulnerabilities at hand.
How It Happened
First and foremost, you should understand that this is not a problem on our end. There was nothing wrong with our servers. The TCP networking vulnerabilities were actually discovered by Netflix. And, those vulnerabilities were associated with FreeBSD and Linux kernels. In total, the streaming giant discovered three flaws. Two of the flaws have a moderate severity level. One is considered important. The good news is that the problem is being taken care of.
In total, there were three problems discovered. They include the following.
While two are considered moderate risks, the other is considered important. Therefore, this was not an issue that could be ignored. Doing so would only create problems for our customers.
What Could Go Wrong
As you already know, network vulnerabilities are very dangerous. They leave every site on the network at risk. Unfortunately, the recently discovered vulnerabilities are very risky. These flaws utilize MSS and SACK capabilities. The most dangerous of the bunch is the TCP SACK PANIC. When an intruder takes advantage of this security flaw, they’ll be able to remotely trigger kernel panic. This only impacts Linux kernels.
The problem occurs when the Maximum Segment Size or MSS is set to the lowest limit. This can cause SACK panic to occur and that will cause a significant amount of problems. Thankfully, your worries can be put to bed. The issues have been resolved. We worked diligently to remedy the problem. Now, our customers can sleep soundly knowing that their site is protected to the fullest.
The Basics Of Selective Acknowledgment
You are probably eager to find out how everything works. Well, you should take the time to learn a little more about TCP Selective Acknowledgment. Once you’ve found how it works, you’ll have a much better idea of how the vulnerability actually plays out. SACK is a mechanism that gives the receiver the ability to notify the sender that the data has been received. In return, this makes it possible for the sender to resend portions of the stream that have gone missing. Suffice to say, having TCP SACK activated is generally a good thing.
This is really only an issue when a flaw has been discovered in the system. This was the case recently.
Kernel Panic: What Is It?
Due to the vulnerabilities in the TCP networking in both Linux and FreeBSD kernels, the probability of a kernel panic was extremely high. Kernel panics are the result of an improperly configured or installed kernel. These problems can occur when the operating system is attempting to write or access memory. Depending on the operating system, a warning message may appear on the computer screen to request a restart.
In the case of the Linux operating system, the vulnerabilities were related to software bugs, bad drivers and overtaxed memory. Unlike Windows and Mac operating systems, the Linux kernel is open-source, which means it can be altered by anyone. While there are risks involved in open-source software, there are multiple team members working on the problems at the same. This ensures that the problem is remedied quicker.
We Use CloudLinux And KernelCare
Our company is proud to utilize CloudLinux and KernelCare. This gives us the ability to take care of problems quickly and conveniently. CloudLinux has two options for dealing with the issues caused by CVE-2019-11478 and CVE-2019-11477. With KernelCare, we are able to remedy certain problems without needing to reboot. The Kernel security updates are carried out automatically. Most of our customers will never even know the difference. After all, the updates can be installed without needing to reboot the system. In return, this minimizes downtime.
After all, our company wants to make sure that you get the best service possible. We understand how costly downtime can be and we aim to minimize such problems. On top of that, KernelCare ensures that your server never missed an important update. They’re installed within a few hours of being released. This guarantees that our network is safer and securer than that of the competition.
We’ve Got You Covered
When it comes down to it, security vulnerabilities are not going anywhere. New ones will be discovered at some point in the future. Nevertheless, you shouldn’t worry about it too much. After all, you’re working with us. We’ve got you covered. We are aggressive when it comes to tackling such problems. As soon as a vulnerability is discovered, we’ll take action to ensure that the problem is dealt with as quickly as possible. If you want that level of peace of mind, you can rest assured knowing that you’ve got it with us.
Your Security Matters To Us
In a perfect world, there would be no security breaches, everyone would be a ten, and there would be no war. Unfortunately, we do not live in a perfect world. And, this is something that our hosting service understands more than most. You can see that from our latest security breaches. We know that no matter what we do to secure your website there are always going to be potential security risks. This is why we have teams that are always working diligently to patch those security leaks.
Your security is our top priority and you can rest assured that we are going to do everything within our power to patch these leaks as soon as they show up. As you know we use CloudLinux and KernelCare to ensure that security breaches are patched as soon as they arise.