Michael Tremer announced the release of IPFire 2.23 Core Update 134, a new maintenance update to the open-source, hardened, and versatile Linux-based firewall that adds the latest security fixes and component updates.
IPFire 2.23 Core Update 134 is here to address the recently discovered SACK Panic (CVE-2019-11477 and CVE-2019-11478) security vulnerabilities, affecting Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. These are serious flaws and could allow remote attackers to cause a so-called SACK Panic attack (denial of service).
“The Linux kernel was vulnerable for two DoS attacks against its TCP stack. The first one made it possible for a remote attacker to panic the kernel and a second one could trick the system into transmitting very small packets so that a data transfer would have used the whole bandwidth but filled mainly with packet ov… (read more)
from Softpedia News / Linux https://news.softpedia.com/news/ipfire-open-source-linux-firewall-now-patched-against-sack-panic-vulnerabilities-526628.shtml