Netflix has publicly announced a very serious network vulnerability for FreeBSD which allows attackers to seriously slow down it's delivery of networking services. *BSD users BTFO!
Netflix announced 3 TCP-related vulnerabilities in the Linux kernel, one of which can be used to knock a server off the Internet. New kernels patching these flaws were released today.
CVEs are CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 and CVE-2019-5599. They will probably be made public soon now that patched kernels are available.
Wut?. Impossible. Open source shit has been peer reviewed!
>Open source shit has been peer reviewed!
yes, that's exactly how this was found.
>FreeBSD vulnerability
>*BSD users BTFO
>Netflix is my peer
Windows 10 doesn't have this problem.
upgrade-time
>B-but a corporation did it! It’s not a real vulnerability, it’s botnet!
That's the idea, yes.
lol, freebsd
are you sure openBSD doesn't have the same problem? isn't it basically the same kernel?
Nope, sure isn't. For one, it exposes less than half of the amount of system calls that FreeBSD exposes.
Both NetBSD and OpenBSD are not affected by this vulnerability.
Classic FreeBSD moment, really.
But I cannot upgrade my debian kernel without doing dist upgrade that's not stable way for me as it is dangerous
luckily one of that CVE can be disabled using single command and other two just waste bandwidth which can be easily analyzed and IP banned
am I safe r-right?
Yes. You're fine. echo 0 > /proc/sys/net/ipv4/tcp_sack disabling SACK's will actually prevent both CVE-2019-11477 and CVE-2019-11478 since both of those problems are specific to SACKs. CVE-2019-11479 requires that the attacker wastes almost as much bandwidth as you waste so it's limited how long someone would bother.
>But I cannot upgrade my debian kernel without doing dist upgrade that's not stable way for me as it is dangerous
Retarded frogshit.
Yep, netflix found it
tell me about those dozens of windows vulnerabilities that aren't public and only certain people / companies know them to exploit users
oh wait, you can't
How exactly do you think open source peer reviewing works?
Why not just peer review the code before it's officially introduced and actually putting people at risk?.
Why doesn't windows test their code at least once before releasing it to public?
Why doesn't apple test their hardware at least once before release?
> dist upgrade
> hat's not stable way
> am I safe r-right?
No, just retarded.
why doesn't kys himself before posting
That's not how open source code works in the real world, sweetie.
>Why not just peer review the code before it's officially introduced
lol right, let's go back to 1999 and peer-review that Linux kernel.
nope not happening
LOL. This vulnerability has been there since 1999?????????????????????. Oh shit. Jow Forums this entire time was saying open Linux was safe. Everybody on Jow Forums already combed through the sauce code with a finetooth comb and ensured there was no flaws?. This was the magic of open source shit?. So everybody could see the flaw right?.
This what happend when you surrend meritocracy and let the trannies in.
This
This those vulnerabilities are commodified sold around in bulk like your gay asshole. You have so many back orifice gaps, you look like goatse. The worst part, you'll never even know it.
Aren't both MacOS and Windows NT's network stacks based off of BSD's?
iirc Windows switched to their own stack around 8(.1)
>peer review the code before you make it available so it can be peer reviewed
>isn't it basically the same kernel?
Hasn't been for 20 years...
It is, but it can still take time until vulnerabilities are found.