Protecting our SLES 11/12 servers against "SACK Panic" / CVE-2019-11477
All SUSE Linux and openSUSE versions are affected.
It seems there are no security patches released yet to fix this issue, and only some workarounds are being advised.
We are in that waiting game of hoping effective patches come out before any exploits start poking around the net.
An exploit would be a Denial of Service issue, so how bad would it be for a given set of externally facing services to be down? If a given service can readily be down for the time of a reboot, then it is probably safe to wait until the patches are ready. If such downtime has direct consequences, then be seriously testing out the workaround options and start implementing them.
I can imagine extortion attempts of "pay money or we take you down", but in those cases you have a bit of warning to get cracking about getting workarounds into production.
We are early in the process and will have patching to do soon, but until there are attacks in the wild, we have some breathing room.
More on the topic, with a firewall speed bump, at https://isc.sans.edu/diary/rss/25046