Hi folks, Just now one of the more severe security issues of this year has been published. A remote attacker able to make TCP connections to a Linux machine can crash this machine, regardless of the service running. The codename is "SACK Panic" / CVE-2019-11477. There are two more issues in the block, but these are less severe (just causing higher memory, compute time or bandwith usage.) - CVE-2019-11478: SACK Slowness or Excess Resource Usage - CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values All SUSE Linux and openSUSE versions are affected, and we are just releasing all SLE update kernels, and building openSUSE kernels. There are workarounds, you can disable "SACK" in the system itself for the first 2 issues, and adding Firewall filtering for low MSS values, either on the machine or on a firewall in the path. SUSE TID: https://www.suse.com/de-de/support/kb/doc/?id=7023928 Blog: https://www.suse.com/c/suse-address-the-sack-panic-tcp-remote-denial-of-serv... openSUSE Leap kernels are building right now (as they had to wait for Embargo End) and will be released tomorrow. Ciao, Marcus