On Tue, 21 Apr 2020 at 15:29, Eugene Grosbein <[email protected]> wrote: > > 21.04.2020 23:55, FreeBSD Security Advisories wrote: > > ============================================================================= > > FreeBSD-SA-20:10.ipfw Security > > Advisory > > The FreeBSD > > Project > > > > Topic: ipfw invalid mbuf handling > > [skip] > > > IV. Workaround > > > > No workaround is available. Systems not using the ipfw firewall are > > not vulnerable. > > This is not true. The problem affects only seldom used rules matching TCP > packets > by list of TCP options (rules with "tcpoptions" keyword) and/or by TCP MSS > size > (rules with matching "tcpmss" keyword, don't mix with "tcp-setmss" action > keyword).
I believe this is correct; what about this statement: No workaround is available. Systems not using the ipfw firewall, and systems that use the ipfw firewall but without any rules using "tcpoptions" or "tcpmss" keywords, are not affected. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
