<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">No. This isn’t POODLE it is a discussion about implementation of an RFC that started with kernel 3.6. My OP noted that it also affects kernels in RHEL6.5
and higher even though those are based on lower upstream kernel versions. Presumably RedHat backported the RFC implementation into those. As I noted this means any derivative such as CentOS, OEL and others would be affected.<br>
<br>
There may be other non RH derived distros that have done similar backporting. You’d have to check for your distro but regardless, if you have kernel 3.6 and above you are impacted.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The link I sent is in your reply so I don’t know what you mean when you say you’re missing the OP with a link.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> ale-bounces@ale.org [mailto:ale-bounces@ale.org]
<b>On Behalf Of </b>Wolf Halton<br>
<b>Sent:</b> Saturday, August 13, 2016 3:18 AM<br>
<b>To:</b> jimkinney@gmail.com; Atlanta Linux Enthusiasts<br>
<b>Subject:</b> Re: [ale] Linux TCP Flaw<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Talking about the POODLE exploit? I seem to be missing the OP with a link. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">PCI DSS 3.1 came out anouncing SSL was compromised and could no longer pass compliance. Early TLS similarly were compromised. The openssh package was discovered to have a flaw-now patched. PCI DSS 3.2 gave orgs a little more time to fix
(reconfigure) there existing hosts to deny SSL and early TLS. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">You cannot believe the howling and gnashing of teeth from business unit owners who were terrified they would lose a penny because their customers might be using Internet Explorer six or eight. Apparently they don't know I don't care that
their web servers are collecting information about the browser version, and they could check to see if there were any antique browsers contacting them. <br>
<br>
<span style="font-size:13.0pt">Wolf Halton</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Mobile/Text <span style="font-size:13.0pt">678-687-6104</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">--<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Sent from my iPhone. Creative word completion courtesy of Apple, Inc. <o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Aug 12, 2016, at 11:05, Jim Kinney <<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p style="mso-margin-top-alt:5.0pt;margin-right:.5in;margin-bottom:5.0pt;margin-left:.5in">
My understanding is this can be used to force an ssh/ssl/tls connection to downgrade encryption to a version that's easily crackable. For high security systems, those formats should already be disabled. But for public facing sites that have to work with clients
that may not yet support better methods, the mitigation method is essential. I see no reason to not implement the mitigation on hardened servers as a diaper. It should also be done on all client systems as those usually don't have hardened encryption initiated
unless they are a rather new install with special follow-on procedures.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">
On Aug 12, 2016 9:56 AM, "Lightner, Jeffrey" <<a href="mailto:JLightner@dsservices.com">JLightner@dsservices.com</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://thehackernews.com/2016/08/linux-tcp-packet-hacking.html" target="_blank">https://thehackernews.com/2016/08/linux-tcp-packet-hacking.html</a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
Other stories related to this last night.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
My read last night was Disturbing because it says it can be used to disrupt even ssh/sftp/https connections.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
Although it says it is in the 3.6 kernel and later it appears some earlier kernels for RedHat (and therefore CentOS and other derivatives) are affected. RedHat says all RHEL6.5 and above and RHEL 7. Earlier versions they say are not affected.
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
There is a mitigation in the story which is the same being suggested by RedHat.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Jeffrey C. Lightner</span></i><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Sr. UNIX/Linux Administrator</span></i><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">DS Services of America, Inc.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">2300 Windy Ridge Pkwy</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Suite
<i>600 N</i></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">Atlanta, GA 30339-8461</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">P:
</span><a href="tel:678-486-3516" target="_blank"><i><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif"">678-486-3516</span></i></a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">C:
</span><a href="tel:678-772-0018" target="_blank"><i><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif"">678-772-0018</span></i></a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">F:
</span><a href="tel:678-460-3603" target="_blank"><i><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif"">678-460-3603</span></i></a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">E:
</span><a href="mailto:jlightner@dsservices.com" target="_blank"><i><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif"">jlightner@dsservices.com</span></i></a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:.5in;mso-margin-bottom-alt:auto;margin-left:.5in">
<o:p></o:p></p>
</div>
<p style="mso-margin-top-alt:5.0pt;margin-right:.5in;margin-bottom:5.0pt;margin-left:.5in;line-height:10.0pt">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif"">CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure,
copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete
it. Thank you <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:12.0pt;margin-left:.5in">
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="mso-margin-top-alt:5.0pt;margin-right:.5in;margin-bottom:5.0pt;margin-left:.5in">
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</body>
</html>