Description of problem:
As per discussion with Jesper Dangaard Brouer, he suggests that we need to backport specific fixes to reduce the icmp_send() ratelimit, which in turn has an affect on CVE-2017-5972 ( https://bugzilla.redhat.com/show_bug.cgi?id=1422081 ).
Version-Release number of selected component (if applicable):
Current RHEL 7.
I have not tested these, this is not considered a security flaw but a reccomended hardening fix.
Red Hat Product Security.
Patch(es) committed on kernel repository and an interim kernel build is undergoing testing
Patch(es) available on kernel-3.10.0-647.el7
related test passed:
This changes introduces a regression, see bug 1461282.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.