Language Selection

English French German Italian Portuguese Spanish

FreeBSD has its own TCP-queue-of-death bug, easier to hose than Linux's SegmentSmack

Filed under

Hard on the heels of the Linux kernel's packets-of-death attack dubbed SegmentSmack, a similar vulnerability has been disclosed and fixed in FreeBSD.

Attributed to SegmentSmack discoverer Juha-Matti Tilli of Aalto University in Finland, the FreeBSD TCP issue is related to how the operating system's networking stack reassembles segmented packets. Much in the same way Linux kernel versions 4.9 and higher can be brought down by bad network traffic, a sequence of maliciously crafted packets can also crash FreeBSD machines.

FreeBSD 10, 10.4, 11, 11.1, and 11.2 are affected, and the maintainers have released patches to mitigate the programming cockup. In the open-source operating system project's advisory for CVE-2018-6922 (Linux's SegmentSmack was assigned CVE-2018-5390), the problem was this week described as an “inefficient algorithm” involving a segment reassembly data structure.

Read more

More in Tux Machines

Qt Creator 4.9 Beta released

We are happy to announce the release of Qt Creator 4.9 Beta! There are many improvements and fixes included in Qt Creator 4.9. I’ll just mention some highlights in this blog post. Please refer to our change log for a more thorough overview. Read more

Hack Week - Browsersync integration for Online

Recently my LibreOffice work is mostly focused on the Online. It's nice to see how it is growing with new features and has better UI. But when I was working on improving toolbars (eg. folding menubar or reorganization of items) I noticed one annoying thing from the developer perspective. After every small change, I had to restart the server to provide updated content for the browser. It takes few seconds for switching windows, killing old server then running new one which requires some tests to be passed. Last week during the Hack Week funded by Collabora Productivity I was able to work on my own projects. It was a good opportunity for me to try to improve the process mentioned above. I've heard previously about browsersync so I decided to try it out. It is a tool which can automatically reload used .css and .js files in all browser sessions after change detection. To make it work browsersync can start proxy server watching files on the original server and sending events to the browser clients if needed. Read more

GNOME 3.32 Desktop Environment Gets a Second Beta Release, RC Lands March 6th

The GNOME 3.32 beta 2 release is here two weeks after the first beta version to add even more improvements and squash as many bugs as possible before the final release hits the streets next month. The second beta release of the GNOME 3.32 desktop environment also marks the beginning of the String Freeze development stage. Read more

Tumbleweed Snapshots Are Steadily Rolling

The latest snapshot of the week, 20190219, had more than a dozen packages updated. A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has was added with the krb5 1.17 package, which brought some major changes for the administration experience for the network authentication protocol Kerberos. The permissions package update 20190212 removed several old entries and the kernel-space and user-space code package tgt 1.0.74 fixed builds with the newer glibc. A couple xf86 packages were updated. The 1.4.0 version of xf86-video-chips was a bug fix release for X.Org Server. There was an X Server crash bug with the version 1.3 affecting devices older than the HiQVideo generation. The change log said the code may not compile against X Server 1.20 since it no longer supports 24-bit color. A few other YaST packages were updated in the snapshot like yast2-installation 4.1.36, which had an update that saves the used repositories at the end of installation so as not to offer the driver packages again. The 20190217 snapshot had just three packages updated. The keyboard management library libgnomekbd 3.26.1 fixed a build with new GLib and updated translations. VMcore extraction tool makedumpfile 1.6.5 added some patches, bug fixes and improved support for arm64 systems with Kernel Address Space Layout Randomization (KASLR). The jump in the release of yast2-storage-ng from 4.1.53 to 4.1.59 provided quite a few changes like allowing the partitioner to create block cache (bcache) devices without a caching set and the newest version limits bcache support to x86_64. Read more