IPFire Open-Source Linux Firewall Now Patched Against SACK Panic Vulnerabilities
Michael Tremer announced the release of IPFire 2.23 Core Update 134, a new maintenance update to the open-source, hardened, and versatile Linux-based firewall that adds the latest security fixes and component updates.
IPFire 2.23 Core Update 134 addresses the recently discovered SACK Panic security vulnerabilities (CVE-2019-11477 and CVE-2019-11478), which affect how the Linux kernel’s networking subsystem processes TCP Selective Acknowledgment (SACK) segments. These are serious flaws that could allow remote attackers to cause a denial of service, the so-called SACK Panic attack.
“The Linux kernel was vulnerable to two DoS attacks against its TCP stack. The first one made it possible for a remote attacker to panic the kernel and a second one could trick the system into transmitting very small packets so that a data transfer would have used the whole bandwidth but filled mainly with packet ov…