SOL15301 - Linux kernel TCP ISN vulnerability CVE-2011-3188

Recommended action

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.

FirePass

To protect the FirePass controller, you can use a TCP and/or IP proxy in front of FirePass to mitigate the issue.

Note: For information about Linux kernel versions that the BIG-IP system uses, and how the BIG-IP uses the Linux operating system, refer to SOL3645: Base operating system information for the BIG-IP Host system.

Supplemental Information

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents
• SOL4602: Overview of the F5 security vulnerability response policy
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5
• SOL13284: Overview of management interface routing (11.x)
• SOL3669: Overview of management interface routing (9.x - 10.x)